Replay counter sizes: AH vs ESP -Reply

CJ Lee <CJ_LEE@novell.com> Fri, 06 December 1996 01:35 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id UAA29850 for ipsec-outgoing; Thu, 5 Dec 1996 20:35:36 -0500 (EST)
Message-Id: <s2a70879.002@novell.com>
X-Mailer: Novell GroupWise 4.1
Date: Thu, 05 Dec 1996 17:37:23 -0800
From: CJ Lee <CJ_LEE@novell.com>
To: mleech@nortel.ca
Cc: ipsec@tis.com
Subject: Replay counter sizes: AH vs ESP -Reply
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

>>> "Marcus Leech" <mleech@nortel.ca> 12/05/96
11:31am   wrote:>>>
I note in reviewing:

draft-ietf-ipsec-esp-des-md5-03.txt

and

draft-ietf-ipsec-ah-hmac-md5-04.txt

That the counter sizes are different, even though the
underlying integrity
  mechanisms are identical (HMAC MD5).  I can see
this costing extra
  code in implementations, which wouldn't be
necessary if the counters
  were of the same size.

Marcus,
     Both Derrell Piper and I raised the same question
without getting any response.  I suggest that unless
someone can provide reasonable argument to justify
the difference of the replay counter sizes, we should
make them the same.

cj_lee@novell.com