[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: replay field size

To: ipsec@tis.com
Subject: RE: replay field size
From: mjo@tycho.ncsc.mil (Michael J. Oehler)
Date: Tue, 11 Feb 97 16:27:43 EST
Cc: rja@inet.org, palamber@us.oracle.com
Sender: owner-ipsec@ex.tis.com

>From: Ran Atkinson  <rja@inet.org> Date: Tue, 11 Feb 97 03:53:56
> 	
> Should AH and ESP both have a fixed size replay counter ? (Yes/No/Don't Care)
> If they have a fixed size counter, what size should it be? (32 bits/64 bits)
> Should SHA-1 output be truncated to 128 bits from 160 bits ? (Yes/No/Don't Care)
>

1. Permit optional replay counter.

2. 64 bit Replay Counter.
        A 64 bit replay field does not preclude an implementation from preforming
        a re-key sooner. The AH header will be 64 bit aligned without adding a
        reserved field which wastes bandwidth and in that spirit
        (in addition to Hugo's technical input).

3. Truncate the SHA-1 to 128 bits
        The format for MD5 and SHA will then be identical.

Another conundrum
-Mike

Follow-Ups:

RE: replay field size

From: Phil Karn <karn@qualcomm.com>

Prev by Date: Re: replay field size
Next by Date: Re: replay field size straw poll
Prev by thread: Re: replay field size
Next by thread: RE: replay field size
Index(es):
- Main
- Thread