RE: replay field size

Roy Pereira <rpereira@timestep.com> Tue, 11 February 1997 20:50 UTC

From: Roy Pereira <rpereira@timestep.com>
To: "'ipsec@tis.com'" <ipsec@tis.com>, 'Ran Atkinson' <rja@inet.org>
Subject: RE: replay field size
Date: Tue, 11 Feb 1997 14:32:50 -0500

>>Should AH and ESP both have a fixed size replay counter ? (Yes/No/Don't
>>Care)

Yes.

>>If they have a fixed size counter, what size should it be? (32 bits/64 bits)

Don't Care.  Although, a 32-bit replay field might be easier to code on
a 32-bit CPU than a 64-bit replay.  I'm not sure since I haven't seen
any sample code for 64-bit replay protection.

>>Should SHA-1 output be truncated to 128 bits from 160 bits ? (Yes/No/Don't
>>Care)

No, I don't think that the digest size should be truncated to fit a
64-bit alignment.  That is not what the digest is intended to provide.
Padding would be preferable.