
RE: replay field size straw poll




Steve,

>	As editor for the AH and ESP specs, based on the traffic I've seen
>this last 2 weeks, I'm planning to go with 32-bit counters for both and to
>assume that the HMAC value will be 128 bits, to help resolve the alignment
>problem.  If there are strong objections to this tack, I'd like to hear by
>2/14.

Unless there is a significant change to the AH header, a 32 bit non-optional
counter and a 128 bit HMAC value will not resolve the alignment problem.

01234567012345670123456701234567
+------+-------+-------+-------+
| NH   | Len   |  Reserved     |       32 bits
+------+-------+-------+-------+
|             SPI              |       32 bits
+------+-------+-------+-------+
| Replay Prev. Counter         |       32 bits
+------+-------+-------+-------+
|                              |
|        HMAC                  |
|        Value                 |      128 bits
|                              |
+------+-------+-------+-------+

                               total: 224 bits --- not multiple of 64

Possible solutions would be 1) 64 bit counter, 2) a 64 bit alignment pad
trailer, or 3) a 160 bit HMAC Value.

Rob G.