
Re: Comments on ESP and AH IPSEC drafts.




> Since you know a priori whether a packet contains the replay field (i.e.
> information provided in the security association) is this really that big
> of a problem?

It's kind of a pain because it is variable in the fixed part of the header.  
None of this is tremendously difficult. It would just be cleaner and easier if 
the variable part of the header was at the end, after information that is 
fixed.  

Okay, okay, okay.. maybe I'm nitpicking.  But I still prefer:

   +12345678123456781234567812345678+
   |--------------------------------+
   | nexhdr|length |    reserved    |
   +--------------------------------+
   |                                |
   |           signature            |
   ~                                ~
   +--------------------------------+
   |        replay (optional?)      |
   +--------------------------------+
   |       ++ pad for md5 ++        |
   +--------------------------------+

This gives a real representation of the size of the replay field.  No padding 
necessary for SHA1.    You know the location of the signature, you know where 
the replay field is if you care, pad because length++.  Otherwise we have, if 
we have to do replay then replay is here and signature is here and pad is here 
for sha otherwise blah blah blah blah..  

Sue me, I'm a purist.. %) 

-----------------------------------------------------------
Rob Adams                                   adams@cisco.com
Cisco Systems                               408 457 5200
101 Cooper Street, Santa Cruz, CA 95060
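Added example, not part of the message or of any IPsec draft: a builder and parser for the header order sketched above (fixed fields, then signature, then optional replay, then pad). It assumes the `length` byte counts 32-bit words of the whole header, that the pad restores 64-bit alignment, and that the receiver learns the ICV length and whether replay is in use from the security association; with those assumptions it shows why SHA-1 needs no pad while MD5 does, and why the signature offset never moves.

```python
import struct
from typing import Optional

# Constructed illustration of the proposed layout; none of this is a
# published AH format. Assumptions: 'length' counts 32-bit words of the
# whole header, and the SA supplies the ICV length and replay flag.
FIXED_LEN = 4   # nexhdr(1) + length(1) + reserved(2)
ALIGN = 8       # assumed boundary the trailing pad restores


def build_ah(next_hdr: int, icv: bytes, replay: Optional[int] = None) -> bytes:
    """Emit the header: fixed part, signature, optional replay, pad."""
    body = icv + (struct.pack("!I", replay) if replay is not None else b"")
    pad = (-(FIXED_LEN + len(body))) % ALIGN
    body += b"\x00" * pad
    length_words = (FIXED_LEN + len(body)) // 4
    return struct.pack("!BBH", next_hdr, length_words, 0) + body


def parse_ah(hdr: bytes, icv_len: int, has_replay: bool) -> dict:
    """Parse with SA knowledge only: the signature always starts at offset 4,
    and the replay counter, if negotiated, immediately follows it."""
    next_hdr, length_words, _reserved = struct.unpack("!BBH", hdr[:FIXED_LEN])
    total = length_words * 4
    need = FIXED_LEN + icv_len + (4 if has_replay else 0)
    if total > len(hdr) or need > total:
        raise ValueError("length field inconsistent with SA parameters")
    icv = hdr[FIXED_LEN:FIXED_LEN + icv_len]
    pos = FIXED_LEN + icv_len
    replay = None
    if has_replay:
        (replay,) = struct.unpack("!I", hdr[pos:pos + 4])
        pos += 4
    return {"next_hdr": next_hdr, "icv": icv, "replay": replay,
            "pad_len": total - pos, "total_len": total}
```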