
Re: replay field size

1. Should AH and ESP both have a fixed size replay counter ? (Yes/No/Don't Care)

	I'm in favor of making replay prevention optional.  I realize
	that this isn't in keeping with KISS, but I remain unconvinced
	of the utility of replay prevention within IP and I'm concerned
	about the added complexity this field adds to the IPSEC
	process.

	Making this field optional can be done by making the field a
	fixed size and simply ignoring it when not in use instead of
	excluding it (non-fixed size=0).  So for now, ...Don't Care
	with an inclination toward Yes.

2. If they have a fixed size counter, what size should it be? (32 bits/64 bits)
	I'd rather have 64 bits with the ability to negotiate the
	number of bits out of the 64 to use for re-keying purposes.
	Along these lines, 0 would be an allowable value.  This could
	even be worded that you MUST support 0-32 bits and SHOULD
	support 33-64 bits.

3. Should SHA-1 output be truncated to 128 bits from 160 bits ? (Yes/No/Don't Care)

	Actually, I don't care, but I'm inclined to go with truncation.


Rob G.
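The option argued for in point 2 (a fixed 64-bit field, with the number of bits actually used negotiated per SA and 0 allowed), as an added example that is not from the thread or from any IPsec implementation: a receive-side sliding-window check that masks the field to the negotiated width and treats width 0 as "carried but ignored", plus the sender-side check that forces a re-key before the negotiated counter wraps. The function names, the struct, and the 64-packet window are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
/* Per-SA anti-replay state (assumed layout). The field on the wire is a
 * fixed 64 bits, but only the negotiated low `used_bits` (0..64) are
 * checked; 0 means the field is carried but ignored. Window = 64 packets. */
typedef struct {
    unsigned used_bits;
    uint64_t mask;      /* low used_bits bits set */
    uint64_t last_seq;  /* highest seq accepted (rx) or sent (tx); 0 = none */
    uint64_t bitmap;    /* bit i set => last_seq - i already seen */
} replay_state_t;

void replay_init(replay_state_t *st, unsigned used_bits) {
    st->used_bits = used_bits > 64 ? 64 : used_bits;
    st->mask = st->used_bits == 64 ? UINT64_MAX : (UINT64_C(1) << st->used_bits) - 1;
    st->last_seq = st->bitmap = 0;
}

/* Sender: next field value, or false when the negotiated width is exhausted
 * and the SA must be re-keyed before another packet may be sent. */
bool replay_next_seq(replay_state_t *tx, uint64_t *out) {
    if (tx->used_bits == 0) { *out = 0; return true; }
    if (tx->last_seq >= tx->mask) return false;
    *out = ++tx->last_seq;
    return true;
}

/* Receiver: true = accept (and record), false = replay or outside window. */
bool replay_check(replay_state_t *rx, uint64_t field) {
    if (rx->used_bits == 0) return true;        /* field present but ignored */
    uint64_t seq = field & rx->mask;
    if (seq == 0) return false;                 /* counters start at 1 */
    if (seq > rx->last_seq) {                   /* slide the window forward */
        uint64_t shift = seq - rx->last_seq;
        rx->bitmap = shift >= 64 ? 1 : (rx->bitmap << shift) | 1;
        rx->last_seq = seq; return true;
    }
    uint64_t back = rx->last_seq - seq;
    if (back >= 64 || (rx->bitmap & (UINT64_C(1) << back))) return false;
    rx->bitmap |= UINT64_C(1) << back;
    return true;
}
/* Constructed scenario, 32-bit width: seqs 1,2,3,2(dup),70,5(too old). */
int replay_demo(void) {
    static const uint64_t pkts[6] = {1, 2, 3, 2, 70, 5};
    replay_state_t rx; int ok = 0;
    replay_init(&rx, 32);
    for (int i = 0; i < 6; i++) ok += replay_check(&rx, pkts[i]);
    return ok;   /* 4 accepted */
}
```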

