Re: draft-ietf-ipsec-ciph-des-derived-00

Norman Shulman <norm@tor.securecomputing.com> Wed, 23 July 1997 14:29 UTC

Date: Wed, 23 Jul 1997 10:31:12 -0400
From: Norman Shulman <norm@tor.securecomputing.com>
To: William Allen Simpson <wsimpson@greendragon.com>
cc: ipsec@tis.com
Subject: Re: draft-ietf-ipsec-ciph-des-derived-00
In-Reply-To: <6311.wsimpson@greendragon.com>
Message-Id: <97Jul23.102628edt.11654@janus.tor.securecomputing.com>

On Wed, 23 Jul 1997, William Allen Simpson wrote:

> > Page 6, Pad Values, Range: Should be 1 to 255.
> >
> No, please read in context.  The value is the _configured_ maximum
> amount of padding to generate and check.  Zero (0) means no checking.
> For DES, when checking is enabled, the required value is 7, generating
> and checking 0-7 bytes of padding.  More than 7 are allowed.  Therefore,
> the configuration range is 7 to 255.
> 
> This section was designed to complement the text that the WG asked to be
> added to the ESP draft.  I will check the ESP draft to ensure that it
> includes the necessary explanation.

Since there are really two independent attributes here, I propose replacing
this parameter with the following two:

   Pad Checking
      New implementations use verifiable values.  However, some earlier
      implementations used pseudo-random values.  This check must only
      be used with those peers that have implemented this feature.

      Default: 0 (checking off).  Range: 0 to 1 (checking on).

   Maximum Pad Length
      Some operations desire additional padding to inhibit traffic analysis.

      Default: 7.  Range: 7 to 255.

Norm

                    Norman Shulman      Secure Computing Canada
                 Systems Developer      Tel 1 416 813 2075
      norm@tor.securecomputing.com      Fax 1 416 813 2001
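
The two attributes proposed in the message above, sketched as an added example that is not part of the original message or of the draft. Assumptions: the pad bytes are followed by a one-byte pad length, "verifiable values" are taken to be the sequence 1, 2, 3, ..., and the names PadConfig, add_padding and strip_padding are hypothetical.

```python
import secrets

BLOCK = 8  # DES block size in bytes


class PadConfig:
    """The two proposed attributes, with the defaults and ranges from the message."""

    def __init__(self, pad_checking=0, max_pad_length=7):
        if pad_checking not in (0, 1):
            raise ValueError("Pad Checking range is 0 to 1")
        if not 7 <= max_pad_length <= 255:
            raise ValueError("Maximum Pad Length range is 7 to 255")
        self.pad_checking = pad_checking
        self.max_pad_length = max_pad_length


def add_padding(payload, cfg, verifiable=True):
    """Append pad bytes plus a one-byte pad length (trailer layout is an assumption)."""
    minimum = -(len(payload) + 1) % BLOCK  # 0-7 bytes to reach a block boundary
    # Optional whole extra blocks, up to the configured maximum, to blur lengths.
    extra_blocks = (cfg.max_pad_length - minimum) // BLOCK
    pad_len = minimum + BLOCK * secrets.randbelow(extra_blocks + 1)
    if verifiable:
        pad = bytes(range(1, pad_len + 1))  # assumed verifiable sequence 1, 2, 3, ...
    else:
        pad = secrets.token_bytes(pad_len)  # style of earlier implementations
    return payload + pad + bytes([pad_len])


def strip_padding(plaintext, cfg):
    """Strip padding from decrypted data; inspect the pad only if checking is on."""
    if not plaintext or len(plaintext) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        raise ValueError("pad length exceeds the data")
    pad = plaintext[-1 - pad_len:-1]
    # Assumption: the maximum and the pad values are both enforced only when
    # Pad Checking is 1, so peers that send pseudo-random pads still interoperate.
    if cfg.pad_checking:
        if pad_len > cfg.max_pad_length:
            raise ValueError("pad longer than Maximum Pad Length")
        if pad != bytes(range(1, pad_len + 1)):
            raise ValueError("pad bytes are not the expected values")
    return plaintext[:-1 - pad_len]
```

Keeping the two attributes separate lets a gateway raise Maximum Pad Length for one peer while leaving Pad Checking off for another that still sends pseudo-random pads.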