RE: replay field size
Ran Atkinson <rja@inet.org> Mon, 10 February 1997 03:22 UTC
Received: from cnri by ietf.org id aa03281; 9 Feb 97 22:22 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa03462; 9 Feb 97 22:22 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id SAA04393 for ipsec-outgoing; Sun, 9 Feb 1997 18:22:25 -0500 (EST)
Date: Sun, 09 Feb 1997 22:57:21 +0000
From: Ran Atkinson <rja@inet.org>
Subject: RE: replay field size
To: "'ipsec@tis.com'" <ipsec@tis.com>
Cc: rja@inet.org
X-Mailer: Chameleon ATX 6.0, Standards Based IntraNet Solutions, NetManage Inc.
X-Priority: 3 (Normal)
References: <c=US%a=_%p=TimeStep_Corpora%l=TSNTSRV2-970209204207Z-1699@tsntsrv2.timestep.com>
Message-ID: <Chameleon.855530582.rja@c8-a.snvl1.sfba.home.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
--- On Sun, 9 Feb 1997 15:42:07 -0500 Roy Pereira <rpereira@TimeStep.com> wrote: > Why was RFC2085 (HMAC-MD5 IP Authentication with Replay Prevention) > released with a 64-bit replay counter if so many of us objected? Because contrary to your assertions, there were NOT (repeat NOT) many objections to the 64-bit counter _during WG Last Call_. A very small number of people do NOT constitute "many". Process aside, the technical merit is slight. The amount of code needed for 2 replay sizes is clearly small (evidence some of the conforming implementations that existed prior to Last Call). The reason last call exists is to provide a "last" opportunity to object before things move forward to standards-track status. Input needs to arrive during the Last Call period, not afterwards. Participants are expected to remain current with the drafts all the time, last calls live at least a week so that folks can have a chance to re-read the draft before it proceeeds. If folks do not take the time to make their specific issues known to the WG chairs during last call, that is the choice of those individuals not the fault of the chair(s). > Furthermore, why wasn't a generic digest algorithm RFC released > (HMAC-x Authentication) instead ? The WG chose to proceed in the way it has. The changes Steve Kent has proposed would increase the fixed structure to both AH and ESP. If the WG decides to accept his edited drafts for Draft Standard, then a different approach can be employed down the road. At this point, a crucial consideration is avoiding making existing conforming implementations suddenly non-conforming by issuance of new RFCs. My understanding has always been that Steve's changes don't make existing conforming implementations suddenly non-conforming. > We should be able to just plug in a new cipher algorithm and a new > digest algorithm without having to re-invent the wheel. Just plug in > their identifiers and go... There _is_ more to it than just identifiers. Different algorithms have different modes and different resulting data sizes and IVs and so forth. With AH HMAC SHA-1 there was the question raised of using the standard 160-bit SHA-1 output or truncating to use 128-bits of SHA-1 output. If one truncates, then the method/process of truncation needs to be openly and clearly specified. Just assigning identifiers will tend NOT lead to interoperable implementations. Additional structure to the base specifications will help, but is probably not a panacea. Ran rja@Inet.org
- RE: replay field size Roy Shamir
- RE: replay field size Michael J. Oehler
- Re: replay field size Niels Ferguson
- replay field size Derrell Piper
- Re: replay field size Matt Thomas
- RE: replay field size Roy Pereira
- RE: replay field size Ran Atkinson
- RE: replay field size Roy Pereira
- Re: replay field size Tim Bass (IETF)
- RE: replay field size Rob Adams
- Re: replay field size Dan McDonald
- RE: replay field size Ran Atkinson
- Re: replay field size Robert Glenn
- RE: replay field size Roy Pereira
- RE: replay field size Dan McDonald
- Re: replay field size Germano Caronni
- Re: replay field size John Keating
- Re: replay field size Derrell Piper
- Re: replay field size Ran Atkinson
- Re: replay field size wei
- RE: replay field size Stephen Kent
- Re: replay field size Matt Thomas
- RE: replay field size Phil Karn
- Re: replay field size Theodore Y. Ts'o
- Re: replay field size Perry E. Metzger
- Re: replay field size Niels Ferguson
- Re: replay field size Bill Sommerfeld
- Re: replay field size Theodore Y. Ts'o
- Re: replay field size Uri Blumenthal
- RE: replay field size Bob Monsour
- RE: replay field size Stephen Kent
- RE: replay field size Stephen Kent
- Re: replay field size Stephen Kent
- Re: replay field size Stephen Kent
- Re: replay field size Ran Atkinson
- Re: replay field size Steven Bellovin
- Re: replay field size Ran Atkinson
- Re: replay field size Jim Thompson
- Re: replay field size Bart Preneel