Re: New AH Transform Drafts submitted
4. The Replay Prevention field is an up counter that starts at 1. Actually
this is kept from the previous specs. The reason I mention it, is that
it differs from the ESP-DES-MD5 spec. I avoided using a negotiated
counter because of the complexity it adds and I'm not convinced
that starting at a fixed number weakens security. I'm open to be
convinced.
My issue with the replay counter applies to ESP, not AH. I know of no
weaknesses here. The only possible issue is whether or not MD5 or SHA
are weaker if handed large numbers of 0-bits; I suspect not with this
few.
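To make the replay-prevention point concrete, here is an added example of what a receiver does with an up counter that starts at 1. It is not code from this thread or from the AH drafts under discussion; the sliding bitmap window (size, reorder tolerance) and the `ReplayWindow` class name are assumptions of this example, not anything the drafts specify. The only property taken from the quoted text is that the counter is monotonically increasing and begins at 1, so a value of 0 is never valid.

```python
"""Receiver-side replay check for a per-association up counter.

Added example, not from the mailing-list thread or the AH drafts it
discusses. Assumptions: the Replay Prevention field is a monotonically
increasing counter that starts at 1 for each association (as the quoted
text says), and the receiver keeps a sliding bitmap window so modestly
reordered packets are still accepted while duplicates are dropped.
"""


class ReplayWindow:
    """Sliding window over recently seen counter values (assumed design)."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0   # highest counter accepted so far (0 = none yet)
        self.bitmap = 0    # bit i set => counter (highest - i) already seen

    def check_and_update(self, counter):
        """Return True if `counter` is fresh and record it; False means drop."""
        if counter <= 0:
            return False   # counter starts at 1, so 0 is never a valid value
        if counter > self.highest:
            # Newer than anything seen: slide the window forward.
            shift = counter - self.highest
            if shift >= self.size:
                self.bitmap = 1            # everything older falls out
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = counter
            return True
        offset = self.highest - counter
        if offset >= self.size:
            return False   # older than the window: treat as replay
        if self.bitmap & (1 << offset):
            return False   # already accepted once: replay
        self.bitmap |= 1 << offset
        return True


def run_trace(counters, size=64):
    """Feed a constructed sequence of counters through one window."""
    window = ReplayWindow(size)
    return [window.check_and_update(c) for c in counters]


if __name__ == "__main__":
    # Constructed trace: in-order, reordered, duplicate, zero, jump, stale.
    trace = [1, 3, 2, 2, 0, 100, 36, 37]
    for c, ok in zip(trace, run_trace(trace)):
        print(f"counter {c:>3}: {'accept' if ok else 'drop'}")
```

The trace shows the behaviours that matter for the design question in the thread: counter 2 arriving after 3 is accepted once and rejected on its second appearance, 0 is rejected outright because the counter begins at 1, and after a jump to 100 the value 36 is dropped as outside the 64-entry window while 37 is still accepted.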