Re: Replay counter sizes: AH vs ESP -Reply

[Ran Atkinson <rja@cisco.com>]

[speaking only for myself]

In article <s2a70879.002@novell.com> CJ_LEE@novell.com wrote:

>Marcus,
>     Both Derrell Piper and I raised the same question
>without getting any response.  

Incorrect.  

	I'll repeat the explanation below for those who missed it the first
time it appeared on this list.

>I suggest that unless
>someone can provide reasonable argument to justify
>the difference of the replay counter sizes, we should
>make them the same.

	The AH and ESP are designed to be used with both IPv4 and IPv6.  IPv6
_requires_ 64-bit alignment, which causes more bandwidth to be consumed in
various places, while IPv4 does not require this.  In order to avoid
gratuitously consuming IPv4 bandwidth on an IPv6-only requirement, the replay
counter sizes were made selectable.

	I've written about as much IPsec code as anyone.  It really isn't a
lot of code and it isn't a lot of complexity to support two replay counter
sizes (even on BSD with its mbuf data structures).

Ran
rja@cisco.com

---

Follow-Ups:

• Re: Replay counter sizes: AH vs ESP -Reply
• From: Derrell Piper <piper@tgv.com>

References:

• Replay counter sizes: AH vs ESP -Reply
• From: CJ Lee <CJ_LEE@novell.com>

---

• Prev by Date: Updated IPSEC DOI draft
• Next by Date: Re: Replay counter sizes: AH vs ESP -Reply
• Prev by thread: Re: Replay counter sizes: AH vs ESP -Reply
• Next by thread: Re: Replay counter sizes: AH vs ESP -Reply
• Index(es):
  • Main
  • Thread