Your questions
"srinivasrao.kulkarni" <srinu@trinc.com> Mon, 19 January 1998 16:21 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id LAA06592 for ipsec-outgoing; Mon, 19 Jan 1998 11:21:52 -0500 (EST)
Message-Id: <3.0.1.32.19980119190024.006946a0@192.9.200.10>
X-Sender: srinu@192.9.200.10
X-Mailer: Windows Eudora Light Version 3.0.1 (32)
Date: Mon, 19 Jan 1998 19:00:24 +0500
To: ipsec@tis.com
From: "srinivasrao.kulkarni" <srinu@trinc.com>
Subject: Your questions
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Hi All,

I have some questions regarding "draft-ietf-ipsec-esp-v2-02.txt November 1997".

As far as I know, if any header contains a variable length of data then it will have a field for the length of that variable field. But I found that in the case of the ESP header there is no field that gives the payload length and authdata length, whereas the AH header has a payload len. From the payload length, the authdata length can be determined easily. Is it that the length field is missing in the ESP header format, or is it not part of the header?

And one more thing is that the pad length is given for the padding field, which is also of variable length. Assuming that the datagram has been read into a buffer, how can we access the ESP trailer in it, since the authentication data which succeeds the ESP trailer and the payload data and padding which precede the trailer are both variable length fields?

It was said w.r.t. draft-ietf-ipsec-auth-hmac-sha196-01.txt Nov 1997:

    HMAC-SHA-1-96 produces a 160-bit authenticator value. This 160-bit value can be truncated as described in RFC2104. For use with either ESP or AH, a truncated value using the first 96 bits MUST be supported. Upon sending, the truncated value is stored within the authenticator field. Upon receipt, the entire 160-bit value is computed and the first 96 bits are compared to the value stored in the authenticator field. No other authenticator value lengths are supported by HMAC-SHA-1-96.

My question is: how does the receiver know whether the authdata is truncated or not, i.e. is it 96-bit or 160-bit, without specifying the length in the ESP header?

Than 'Q'

Yours Sincerely,
SrinivasRao. B. Kulkarni
Rendezvous On Chip Pvt Ltd.
First Floor, Plot No. 14, NewVasaviNagar, Kharkhana,
SECUNDERABAD - 500019.
Ph : (040)7742606
email address : srinu@trinc.com
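Added example, not part of the original message: a receiver can locate the ESP trailer without any length field because the authentication data length is fixed by the algorithm selected for the security association (12 bytes for HMAC-SHA-1-96), so the fields are found by working back from the end of the datagram. The sketch assumes no encryption (so no IV and no decryption step); the key, SPI and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1-96: set by the SA's algorithm, never carried in the packet

def build_esp(spi, seq, payload, next_header, key):
    """Constructed sender side (no encryption), used only to produce sample input."""
    pad_len = -(len(payload) + 2) % 4            # end the trailer on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))       # constructed padding bytes
    body = (struct.pack("!II", spi, seq) + payload + padding
            + bytes([pad_len, next_header]))
    icv = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]  # first 96 of 160 bits
    return body + icv

def parse_esp(packet, key, icv_len=ICV_LEN):
    """Receiver side: find the variable-length fields from the end of the buffer."""
    if len(packet) < 8 + 2 + icv_len:
        raise ValueError("too short for ESP header, trailer and ICV")
    # 1. The last icv_len bytes are the authentication data.
    body, icv = packet[:-icv_len], packet[-icv_len:]
    # 2. Compute the full 160-bit HMAC and compare only its first 96 bits.
    expected = hmac.new(key, body, hashlib.sha1).digest()[:icv_len]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ICV mismatch")
    # (With a real cipher, everything after the 8-byte header is decrypted here.)
    # 3. The two bytes before the ICV are Pad Length and Next Header.
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 8 - 2:
        raise ValueError("pad length exceeds packet")
    # 4. Payload is what remains between the header and the padding.
    spi, seq = struct.unpack("!II", body[:8])
    payload = body[8:len(body) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "pad_len": pad_len,
            "next_header": next_header, "payload": payload}

KEY = b"constructed-demo-key"                     # constructed sample key
PACKET = build_esp(0x1001, 1, b"hello", 6, KEY)   # constructed sample datagram

if __name__ == "__main__":
    print(parse_esp(PACKET, KEY))
```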