[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPsec Straw Poll results
Ref: Your note of Thu, 20 Feb 1997 08:57:57 -0500 (EST) (attached)
> Great! As one of the editors, I'm very happy that this has been resolved
> and we can start moving forward.
>
> There are 2 small issues that I'm still not quite clear on but here is
> the direction I'm moving towards (and will probably be in the first cut of the
> new drafts). 1) The fixed size 32 bit counter will be optional such that
> if replay prevention is not supported the field will be zeroed and ignored
> upon receipt - but *WILL* still be included in the HMAC calculation. 2) To
> resolve the alignment problem, the HMAC Authentication data will be truncated
> to 96 bits as suggested earlier by both Hugo Krawczyk and Bart Preneel.
>
> Rob G.
> rob.glenn@nist.gov
I definitely support the above approach. In particular, truncation to 96
bits for both HMAC-MD5 and HMAC-SHA1 (in the language of rfc2104 this will
be HMAC-MD5-96 and HMAC-SHA1-96).
Rob: since the test vectors for HMAC-SHA1 did not make it into rfc2104
I recommend you'll have them in the HMAC-SHA1 document.
Please talk to Pau-Chen about our (tested) results.
Hugo