Replay counter sizes: AH vs ESP -Reply
Ref: Your note of Fri, 6 Dec 1996 08:24:14 -0500 (EST) (attached)
> Keep in mind that these transforms are specified to provide security services
> for both version 4 and 6 of IP. IPv6 insists that "each extension header
> be an integer multiple of 8 octets, in order to retain 8-octet alignment for
> subsequent headers." (RFC1883) The differences in the Replay Prevention fields
> are primarily due to this alignment. A change to either would require
> adding an additional 32 bits of wasteful pad.
As I recommended in the past, and still recommend, 32 bits can be easily
saved (at least in the SHA case) by truncating the output of HMAC.
So far I got no "official" response to my recommendation during the
"last call" of the AH-HMAC documents.
Hugo
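
The alignment arithmetic and the truncation discussed in this message, as an added example (not part of the original thread and not code from the AH-HMAC drafts). It assumes 32- and 64-bit replay counters, a fixed part of the header that is already 8-octet aligned, and a simplified field layout in which the MAC covers the counter and the payload only.

```python
import hashlib
import hmac
import struct

ALIGN = 8  # IPv6 extension headers must be a multiple of 8 octets (RFC 1883)


def padding_needed(replay_bits, mac_bits):
    """Pad octets needed to bring replay counter + MAC to an 8-octet boundary."""
    octets = (replay_bits + mac_bits) // 8
    return (-octets) % ALIGN


def auth_data(key, replay_counter, payload, mac_bits=128):
    """64-bit replay counter followed by HMAC-SHA-1 truncated to mac_bits.

    Assumed layout for illustration: counter || truncated MAC.
    """
    counter = struct.pack("!Q", replay_counter)
    full = hmac.new(key, counter + payload, hashlib.sha1).digest()  # 20 octets
    return counter + full[: mac_bits // 8]


def verify(key, field, payload, mac_bits=128):
    """Recompute the MAC, truncate it the same way, compare in constant time."""
    counter, tag = field[:8], field[8:]
    if len(tag) != mac_bits // 8:
        return False  # reject a tag shortened further than agreed
    full = hmac.new(key, counter + payload, hashlib.sha1).digest()
    return hmac.compare_digest(tag, full[: mac_bits // 8])


if __name__ == "__main__":
    # Constructed sample values, not taken from any real security association.
    key = b"\x0b" * 20
    payload = b"constructed sample datagram"
    print("64-bit counter + 160-bit MAC pad:", padding_needed(64, 160), "octets")
    print("64-bit counter + 128-bit MAC pad:", padding_needed(64, 128), "octets")
    field = auth_data(key, 1, payload)
    print("field length:", len(field), "verifies:", verify(key, field, payload))
```

The receiver must enforce the agreed tag length, as `verify` does, so that a sender cannot shorten the tag further than the truncation both sides accepted.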