Re: replay field size
wei@tis.com Thu, 13 February 1997 18:22 UTC
Message-Id: <199702131810.NAA07004@portal.ex.tis.com>
Date: Thu, 13 Feb 1997 10:15:34 -0800
To: John Keating <jkeating@ire.com>, "'ipsec@tis.com'" <ipsec@tis.com>
From: wei@tis.com
Subject: Re: replay field size
Cc: "'keating@jagunet.com'" <keating@jagunet.com>

At 12:01 PM 2/12/97 -0500, John Keating wrote:
>> Should AH and ESP both have a fixed size replay counter ? (Yes/No/Don't Care)
>
>I would tend to look towards the future, and ask for negotiation. ("640K
>is more than anyone would ever need!") Why hardwire something that may
>need to be changed at some future date? Perhaps default to a minimum
>value, but don't lock it in.

Agree. I don't see why ESP needs the replay counter? The IV along with ESP
header is also functioning as a replay preventer. For AH, however, it should
have the replay counter. There should be a flag field in the AH header to
indicate if the packet includes the replay or not and other values in the
future. I think the reserve field is wasted. It should be removed and used
as the flag (16 bits) instead. In this way, one can flexibly add/change any
fields in the future or live along with variable AH. I strongly disagree
with any FIXED agreement without flexibility fields.

>
>> If they have a fixed size counter, what size should it be? (32 bits/64 bits)
>
>See above, and default to 32 bits.
>
>> Should SHA-1 output be truncated to 128 bits from 160 bits ? (Yes/No/Don't Care)

With the AH flag, one can use whatever they like.

>
>I tend to lean towards leaving it at 160 bits. As some have mentioned,
>it was designed at that, why weaken it by truncating it?

Same as above.

Wei Xu
Trusted Information Systems, Inc