Re: replay field size

[Matt Thomas <thomas@lkg.dec.com>]

At 04:44 PM 2/8/97 -0800, Derrell Piper wrote:
>There was clear consensus at the ANX IPSEC bakeoff last week to make the
>size of the replay field 32-bits for both AH and ESP.  If we _must_ have
>alignment for IPv4 IPSEC then the additional bits should be specified as
>alignment.  No one wants to do 64-bit math for replay computation.  It's
>silly.  In my opinion, IPv4 is misaligned for 64-bit hardware anyway and I
>don't see the point of aligning the fields just to keep the protocol
>consistent with IPv6.

IPv6 headers need to be 8-byte aligned.  Thus AH header must be a multiple
of 8-bytes in length.  For IPv4, a multiple of 4-bytes is fine.  The AH
data doesn't have to be 8-byte aligned.  [The destination option header
comes after the AH and can contain options that require 8-byte alignment].

>I don't think this issue needs the Security AD to resolve.  I think we
>already have consensus.  Let's hear now from anyone who absolutely must
>have 64 bits or else move to revise AH and ESP to reflect consensus.  We
>have much more interesting things to argue about.

All I want is that the AH header in IPv6 packets to be a multiple of 8-bytes
in length.  A 32-bit replay field is fine.  I don't even care where the
padding is (it would be nice if it were in a standard place), just that
it exists.

Matt Thomas                      Internet:   matt@lkg.dec.com
UNIX Networking                  WWW URL:    http://ftp.digital.com/%7Ethomas/
Digital Equipment Corporation    Disclaimer: This message reflects my own
Littleton, MA                                warped views, etc.

---

• Prev by Date: replay field size
• Next by Date: Re: Replay field size in AH
• Prev by thread: replay field size
• Next by thread: RE: replay field size
• Index(es):
  • Main
  • Thread