[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Comments on draft-metzger-ah-01.txt

Section 2.1 second to last paragraph of Authentication Data: It says
"filled with unspecified implementation dependent (random) values".
The word "random" is perhaps dangerous here, since you (I presume)
don't mean cryptographicly random.  I suggest removing it.

Section 3.1 third paragraph: Could you clarify which IP options are
calculated in the calculation?  IP LSRR, timestamp, etc. options are
modified in transit so should not be in it.

Section 3.1 last paragraph: Must the ICMP data containing part of the
offending IP datagram have unmodified (e.g. pre-zeroing) values for
those fields zeroed in the crypto-checksum calculation?  This would
require making a copy of the original datagram or at least of the
fields that will be zeroed, just in case the datagram is rejected but
may provide better error information.  I suspect that you want the
faster behavior (e.g.  no copying).

-david waitzman

(please send responses directly to me as I'm not on the ipsec list)