[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPsec Straw Poll results

To: glenn@snad.ncsl.nist.gov, ipsec@tis.com
Subject: IPsec Straw Poll results
From: HUGO@watson.ibm.com
Date: Thu, 20 Feb 97 10:58:15 EST
cc: mjo@tycho.ncsc.mil, rob.glenn@nist.gov, sjchang@snad.ncsl.nist.gov, pau@watson.ibm.com
Sender: owner-ipsec@ex.tis.com

Ref:  Your note of Thu, 20 Feb 1997 08:57:57 -0500 (EST) (attached)

 > Great!  As one of the editors, I'm very happy that this has been resolved
 > and we can start moving forward.
 >
 > There are 2 small issues that I'm still not quite clear on but here is
 > the direction I'm moving towards (and will probably be in the first cut of the
 > new drafts).  1) The fixed size 32 bit counter will be optional such that
 > if replay prevention is not supported the field will be zeroed and ignored
 > upon receipt - but *WILL* still be included in the HMAC calculation.  2) To
 > resolve the alignment problem, the HMAC Authentication data will be truncated
 > to 96 bits as suggested earlier by both Hugo Krawczyk and Bart Preneel.
 >
 > Rob G.
 > rob.glenn@nist.gov

I definitely support the above approach. In particular, truncation to 96
bits for both HMAC-MD5 and HMAC-SHA1 (in the language of rfc2104 this will
be HMAC-MD5-96 and HMAC-SHA1-96).

Rob: since the test vectors for HMAC-SHA1 did not make it into rfc2104
I recommend you'll have them in the HMAC-SHA1 document.
Please talk to Pau-Chen about our (tested) results.

Hugo

Prev by Date: Re: IPsec Straw Poll results
Next by Date: HMAC with SHS
Prev by thread: Re: IPsec Straw Poll results
Next by thread: HMAC with SHS
Index(es):
- Main
- Thread