Re: replay field size

Bill Sommerfeld <sommerfeld@apollo.hp.com> Wed, 12 February 1997 18:32 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id NAA28068 for ipsec-outgoing; Wed, 12 Feb 1997 13:32:04 -0500 (EST)
Message-Id: <199702121835.AA053382556@relay.hp.com>
To: Niels Ferguson <niels@DigiCash.com>
Cc: "Theodore Y. Ts'o" <tytso@MIT.EDU>, ipsec@tis.com
Subject: Re: replay field size
In-Reply-To: niels's message of Wed, 12 Feb 1997 18:30:37 +0100. <199702121729.SAA18933@digicash.com>
Date: Wed, 12 Feb 1997 13:35:54 -0500
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

> BTW, if the hash is used to ensure message integrity, and there is a
> separate MAC to ensure authenticity, then you could eliminate the hash. A
> MAC provides integrity verification as well, but it doesn't help you
> distinguish between a integrity violation and a key-mismatch. 

We are discussing HMAC-SHA1, which is a MAC built out of SHA1, not
pure SHA1, which is an unkeyed hash.

See: http://www.ietf.org/html.charters/ipsec-charter.html
and, in particular, the following documents referenced from it:

RFC's:
	IP Authentication Header (RFC 1826)
	HMAC: Keyed-Hashing for Message Authentication (RFC 2104)

I-D's:
	HMAC-SHA IP Authentication with Replay Prevention

Your time may be limited, but please read these three documents at a
minimum before commenting further on this proposal; they are
small... less than 70k of text.

					- Bill