[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: replay field size

To: "'ipsec@tis.com'" <ipsec@tis.com>
Subject: Re: replay field size
From: John Keating <jkeating@ire.com>
Date: Wed, 12 Feb 1997 12:01:36 -0500
Cc: "'keating@jagunet.com'" <keating@jagunet.com>
Sender: owner-ipsec@ex.tis.com

> Should AH and ESP both have a fixed size replay counter ? (Yes/No/Don't
Care)

I would tend to look towards the future, and ask for negotiation. ("640K
is more than anyone would ever need!") Why hardwire something that may
need to be changed at some future date? Perhaps default to a minimum
value, but don't lock it in.

> If they have a fixed size counter, what size should it be? (32 bits/64 bits)

See above, and default to 32 bits.

> Should SHA-1 output be truncated to 128 bits from 160 bits ? (Yes/No/Don't
Care)

I tend to lean towards leaving it at 160 bits. As some have mentioned,
it was designed at that, why weaken it by truncating it?


John W. Keating, III
jkeating@ire.com
These words are my own, and may not reflect the views of IRE, Inc.

Prev by Date: Re: replay field size
Next by Date: RE: replay field size
Prev by thread: Re: replay field size
Next by thread: Re: replay field size
Index(es):
- Main
- Thread