Comments on draft-metzger-ah-01.txt
- To: ipsec@ans.net
- Subject: Comments on draft-metzger-ah-01.txt
- From: David Waitzman <djw@BBN.COM>
- Date: Sun, 19 Mar 95 14:44:14 -0500
Section 2.1 second to last paragraph of Authentication Data: It says
"filled with unspecified implementation dependent (random) values".
The word "random" is perhaps dangerous here, since you (I presume)
don't mean cryptographically random. I suggest removing it.

Section 3.1 third paragraph: Could you clarify which IP options are
calculated in the calculation? IP LSRR, timestamp, etc. options are
modified in transit so should not be in it.

Section 3.1 last paragraph: Must the ICMP data containing part of the
offending IP datagram have unmodified (e.g. pre-zeroing) values for
those fields zeroed in the crypto-checksum calculation? This would
require making a copy of the original datagram or at least of the
fields that will be zeroed, just in case the datagram is rejected but
may provide better error information. I suspect that you want the
faster behavior (e.g. no copying).
-david waitzman
(please send responses directly to me as I'm not on the ipsec list)
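
The copy-versus-speed question in the Section 3.1 comments, worked through as an added example (not part of the original message or of the draft): the checksum is computed over a zeroed copy, so a rejected datagram can still be quoted in the ICMP error with its pre-zeroing values. Assumptions: TTL, header checksum and the listed option types are the fields zeroed, HMAC-SHA256 stands in for the draft's algorithm, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Assumed set of options rewritten by routers: record route, timestamp, LSRR, SSRR.
MUTABLE_OPTIONS = {7, 68, 131, 137}

def zeroed_copy(datagram: bytes) -> bytes:
    """Copy an IPv4 datagram and zero the fields that change in transit."""
    buf = bytearray(datagram)              # the caller's datagram stays intact
    ihl = (buf[0] & 0x0F) * 4 if buf else 0
    if ihl < 20 or ihl > len(buf):
        raise ValueError("bad IPv4 header length")
    buf[8] = 0                             # TTL
    buf[10:12] = b"\x00\x00"               # header checksum
    i = 20
    while i < ihl and buf[i] != 0:         # type 0 ends the option list
        if buf[i] == 1:                    # type 1 is a one-byte no-op
            i += 1
            continue
        length = buf[i + 1] if i + 1 < ihl else 0
        if length < 2 or i + length > ihl:
            raise ValueError("malformed IP option")
        if buf[i] in MUTABLE_OPTIONS:
            buf[i:i + length] = bytes(length)   # zero the whole option
        i += length
    return bytes(buf)

def compute_icv(key: bytes, datagram: bytes) -> bytes:
    # HMAC-SHA256 is a stand-in for the draft's authentication algorithm.
    return hmac.new(key, zeroed_copy(datagram), hashlib.sha256).digest()

def check(key: bytes, datagram: bytes, icv: bytes):
    """Return (accepted, quote); quote is the ICMP error data on rejection."""
    if hmac.compare_digest(compute_icv(key, datagram), icv):
        return True, None
    # Quote header + 8 payload bytes from the untouched original datagram.
    return False, datagram[:(datagram[0] & 0x0F) * 4 + 8]

# Constructed sample: 28-byte header (timestamp option) + 12-byte payload.
SENT = (struct.pack("!BBHHHBBH4s4s", 0x47, 0, 40, 0x1234, 0, 64, 17, 0xBEEF,
                    bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        + bytes([68, 8, 5, 0, 0, 0, 0, 0]) + b"constructed!")

def after_one_hop(datagram: bytes) -> bytes:
    """Constructed router behaviour: TTL, checksum and timestamp change."""
    buf = bytearray(datagram)
    buf[8] -= 1
    buf[10:12] = b"\xbe\xf0"
    buf[22:28] = bytes([9, 0, 1, 2, 3, 4])  # pointer, flags, timestamp
    return bytes(buf)
```

The no-copy alternative zeroes the receive buffer in place, which saves the allocation but leaves only zeroed TTL, checksum and option bytes to quote in the ICMP error.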