
RE: Straw Poll and Alignment



No need to start the straw poll over. I don't understand our insistence on linking the size of the
fields with alignment of the header. If we need to align the header, then add padding. Period.
The size of a field should be appropriate for the field's use and the field's use alone.

Mr. Bellovin's post this morning about a 64 vs. 32 bit replay counter should be convincing enough
about any rekeying issues. Hugo et al. believe that it is more secure to truncate SHA.

So, 32 bit replay makes sense for replay's sake.
Truncating SHA is more secure.
Therefore, 32 bit replay field, 128 bit Digest field.

Now, let's talk about alignment. 

(also, please let us not forget that having the *existence* of the replay field be optional
only further complicates alignment issues.)

-Rob

----------
From: 	C. Harald Koch[SMTP:chk@utcc.utoronto.ca]
Sent: 	Thursday, February 13, 1997 10:11 AM
To: 	ipsec@tis.com
Cc: 	rja@inet.org
Subject: 	Straw Poll and Alignment

Date: Thu, 13 Feb 1997 13:06:08 -0500
Sender: chk@rafael.rnd.border.com


Everyone seems to be 'voting' for a 32-bit counter *and* truncating the
SHA-1 output to 128 bits. However:

	THIS BREAKS 64 BIT ALIGNMENT!!!!!

The diagram, again (thanks, Robert Glenn!):

01234567012345670123456701234567
+------+-------+-------+-------+
| NH   | Len   |  Reserved     |       32 bits
+------+-------+-------+-------+
|             SPI              |       32 bits
+------+-------+-------+-------+
| Replay Prev. Counter         |       32 bits
+------+-------+-------+-------+
|                              |
|        HMAC                  |
|        Value                 |      128 bits
|                              |
+------+-------+-------+-------+

				total: 224 bits --- not multiple of 64

We can *either* have a 32-bit counter, *or* a truncated SHA-1 hash. Using
both breaks alignment. (Remember, AH is required for IPv6, and IPv6 requires
64-bit alignment on all options.)

I postulate that the current straw poll is meaningless, because we're
ignoring the fundamental alignment problem. The options, as I see them, are:

AH + SPI + 32-bit replay + 32-bit pad + HMAC-MD5	256 bits
AH + SPI + 32-bit replay + HMAC-SHA-1 			256 bits

    or

AH + SPI + 64-bit replay + HMAC-MD5			256 bits
AH + SPI + 64-bit replay + truncated HMAC-SHA1		256 bits

All other combinations of replay and hashes break alignment, or require
additional padding.


If I remember correctly, the truncated SHA-1 discussion started from the
fact that AH + SPI + SHA-1 == 224 bits, which is also not 64-bit aligned.
The proposed solution was to truncate the SHA-1 output to 128 bits, giving a
192 bit packet (which is aligned). And that, in turn, led to the AH 64-bit
replay counter; it preserves the alignment!

Can we *please* start over on this straw poll now?

-- 
C. Harald Koch           chk@utcc.utoronto.ca          +1 416 813 2054 (voice)

"I don't suffer from insanity; I revel in it!"
   		-Karen Murphy <karenm@descartes.com>
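
The size arithmetic from both messages, as an added example that is not part of the thread: it lays out the header from the quoted diagram for each replay width and authenticator, and reports the pad needed to reach a 64-bit multiple. Function names and the pad placement for combinations the thread does not list are assumptions.

```python
import hashlib

ALIGN_BITS = 64  # IPv6 option alignment cited in the thread
# Fixed part of the header as drawn in the quoted diagram (widths in bits).
FIXED_FIELDS = [("NH", 8), ("Len", 8), ("Reserved", 16), ("SPI", 32)]


def digest_bits(name, truncate_to=None):
    """Authenticator width: full hash output, or the truncated width."""
    full = hashlib.new(name).digest_size * 8
    if truncate_to is None:
        return full
    if not 0 < truncate_to <= full:
        raise ValueError("truncation must be within the full digest width")
    return truncate_to


def layout(replay_bits, auth_bits):
    """Return ([(field, offset, width)], total_bits, pad_bits).

    Any pad sits between the replay counter and the authenticator, as in
    the padded option listed in the quoted message (placement is assumed
    for the other combinations).
    """
    fields = list(FIXED_FIELDS)
    if replay_bits:  # 0 models the "replay field is optional" case
        fields.append(("Replay", replay_bits))
    pad = -(sum(w for _, w in fields) + auth_bits) % ALIGN_BITS
    if pad:
        fields.append(("Pad", pad))
    fields.append(("HMAC", auth_bits))
    placed, offset = [], 0
    for name, width in fields:
        placed.append((name, offset, width))
        offset += width
    return placed, offset, pad


def survey():
    """Map (replay_bits, authenticator) -> (total_bits, pad_bits)."""
    auths = {"HMAC-MD5": digest_bits("md5"),
             "HMAC-SHA-1": digest_bits("sha1"),
             "HMAC-SHA-1/128": digest_bits("sha1", truncate_to=128)}
    return {(r, a): layout(r, bits)[1:]
            for r in (0, 32, 64) for a, bits in auths.items()}


if __name__ == "__main__":
    for (replay, auth), (total, pad) in survey().items():
        print(f"replay={replay:2d} {auth:15s} total={total:3d} pad={pad:2d}")
```
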





