RE: replay field size straw poll

[Naganand Doraswamy <naganand@ftp.com>]

>Unless there is a significant change to the AH header, a 32 bit non-optional
>counter and a 128 bit HMAC value will not resolve the alignment problem.
>
>01234567012345670123456701234567
>+------+-------+-------+-------+
>| NH   | Len   |  Reserved     |       32 bits
>+------+-------+-------+-------+
>|             SPI              |       32 bits
>+------+-------+-------+-------+
>| Replay Prev. Counter         |       32 bits
>+------+-------+-------+-------+
>|                              |
>|        HMAC                  |
>|        Value                 |      128 bits
>|                              |
>+------+-------+-------+-------+
>
>                               total: 224 bits --- not multiple of 64
>
>Possible solutions would be 1) 64 bit counter, 2) a 64 bit alignment pad
>trailer, or 3) a 160 bit HMAC Value.
>

I suggest that we provide a reserved field of 32 bits, either before or
after the replay counter if replay is used and also say that the transform's
output should either be padded or truncated to a multiple of 64 bits. This
will solve the 64 bit alignment problem for V6 and also make sure that the
transforms dont have to worry about the basic AH header length to decide
about 64 bit alignment.

--Naganand
----------------------------------------------------------------
naganand@ftp.com
Tel #: (508)684-6743 (O)