
Replay counter sizes: AH vs ESP -Reply



Ref:  Your note of Fri, 6 Dec 1996 08:24:14 -0500 (EST) (attached)


 > Keep in mind that these transforms are specified to provide security services
 > for both version 4 and 6 of IP.  IPv6 insists that "each extension header
 > be an integer multiple of 8 octets, in order to retain 8-octet alignment for
 > subsequent headers." (RFC1883)  The differences in the Replay Prevention fields
 > are primarily due to this alignment.  A change to either would require
 > adding an additional 32 bits of wasteful pad.

As I recommended in the past, and still recommend, 32 bits can be easily
saved (at least in the SHA case) by truncating the output of HMAC.
So far I got no "official" response to my recommendation during the
"last call" of the AH-HMAC documents.

Hugo
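
Added example, not part of the original message or of any draft's code: it works through the alignment arithmetic discussed in the thread and shows an HMAC-SHA-1 tag truncated so that no pad is needed. The 8-octet fixed header portion (`FIXED`) and the 4- and 8-octet replay field sizes are assumptions for illustration, and the key and packet bytes are constructed.

```python
import hashlib
import hmac

ALIGN = 8   # IPv6 extension headers must be a multiple of 8 octets (RFC 1883)
FIXED = 8   # assumed fixed fields: next header, length, reserved, SPI


def pad_needed(replay_octets, mac_octets):
    """Pad octets required to bring the header up to the next 8-octet boundary."""
    return -(FIXED + replay_octets + mac_octets) % ALIGN


def largest_unpadded_mac(replay_octets, digest_octets):
    """Longest truncated MAC (in octets) that leaves the header aligned with no pad."""
    for mac_octets in range(digest_octets, 0, -1):
        if pad_needed(replay_octets, mac_octets) == 0:
            return mac_octets
    raise ValueError("no MAC length aligns this header")


def truncated_hmac(key, data, mac_octets, digestmod=hashlib.sha1):
    """HMAC truncated to its leftmost mac_octets octets."""
    full = hmac.new(key, data, digestmod).digest()
    if not 0 < mac_octets <= len(full):
        raise ValueError("invalid truncation length")
    return full[:mac_octets]


def verify(key, data, tag, mac_octets, digestmod=hashlib.sha1):
    """The expected length comes from the receiver's configuration, never from the tag."""
    if len(tag) != mac_octets:
        return False
    return hmac.compare_digest(truncated_hmac(key, data, mac_octets, digestmod), tag)


if __name__ == "__main__":
    key, packet = b"constructed-test-key", b"constructed packet bytes"
    for replay in (4, 8):
        for mac in (20, 16):
            print(f"replay={replay} mac={mac} pad={pad_needed(replay, mac)}")
    n = largest_unpadded_mac(8, 20)
    tag = truncated_hmac(key, packet, n)
    print(n, tag.hex(), verify(key, packet, tag, n))
```

Under these assumed sizes, a full 20-octet SHA-1 output with an 8-octet replay field needs 4 octets of pad, while a 16-octet truncated output needs none.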