
Re: Proposed changes to ESP (and a little AH too)

Steve,

I like your idea of starting the replay counter with 1. I think we should
adopt it.

With respect to doing authentication first and then encryption, in terms of
implementation it is not a very big change. I am not a cryptographer, but it
looks like the processing involved with bad packets is less in the scheme
you are proposing. I don't know of a vendor who has a product out in the market
supporting the combined transform. So if we decide to do this, this HAS to
be decided at Memphis. Many of us are almost ready to release products in
the next 3-4 month timeframe, and once we have products out there, it
becomes a real pain if there is a fundamental change in the transform. I
will support this provided we can reach a decision in Memphis.

Regarding the window size, I think it is up to the implementation. I have
always seen window size as something that should not be negotiated and is
entirely up to the receiver to decide the size. If the receiver chooses a
window size of 1, in all probability they may drop quite a few packets.

--Naganand
----------------------------------------------------------------
naganand@ftp.com
Tel #: (508)684-6743 (O)
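The two points above (a replay counter that starts at 1, and a receiver-chosen window size that decides how much reordering is tolerated) can be seen together in a small anti-replay check. The code below is an added illustration, not code from the post or from any vendor's ESP implementation; it assumes the usual bitmap sliding window (highest sequence number accepted plus a 64-bit mask of what arrived below it), a window of at most 64 packets, and a constructed inbound sequence stream in which packet 3 arrives late, is then replayed, and a sequence number 0 (invalid when the counter starts at 1) is seen last.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Per-inbound-SA anti-replay state (illustrative, not a real stack's struct). */
typedef struct {
    uint32_t window;   /* receiver-chosen window size in packets, 1..64 */
    uint32_t last;     /* highest sequence number accepted so far; 0 = none yet */
    uint64_t bitmap;   /* bit i set => sequence number (last - i) was received */
} replay_state_t;

void replay_init(replay_state_t *st, uint32_t window) {
    st->window = (window == 0) ? 1 : (window > 64 ? 64 : window);
    st->last = 0;
    st->bitmap = 0;
}

/* Returns 1 if seq is accepted (and the window advances), 0 if rejected. */
int replay_check(replay_state_t *st, uint32_t seq) {
    if (seq == 0)
        return 0;                          /* counter starts at 1, so 0 is never valid */

    if (seq > st->last) {                  /* new high water mark: slide the window */
        uint32_t diff = seq - st->last;
        if (diff < st->window)
            st->bitmap = (st->bitmap << diff) | 1u;
        else
            st->bitmap = 1u;               /* jumped past the whole window */
        st->last = seq;
        return 1;
    }

    uint32_t diff = st->last - seq;        /* how far below the high mark */
    if (diff >= st->window)
        return 0;                          /* left of the window: too old */
    uint64_t bit = (uint64_t)1 << diff;
    if (st->bitmap & bit)
        return 0;                          /* already received: replay */
    st->bitmap |= bit;                     /* late but in-window and unseen */
    return 1;
}

/* Runs a whole sequence-number stream through a fresh window; returns the
 * number of packets that would be accepted. */
size_t replay_run(uint32_t window, const uint32_t *seqs, size_t n) {
    replay_state_t st;
    replay_init(&st, window);
    size_t accepted = 0;
    for (size_t i = 0; i < n; i++)
        accepted += (size_t)replay_check(&st, seqs[i]);
    return accepted;
}

/* Constructed sample: 3 arrives after 4, 3 is replayed, then an invalid 0. */
static const uint32_t REPLAY_SAMPLE[] = {1, 2, 4, 3, 5, 3, 0};
static const size_t REPLAY_SAMPLE_LEN = sizeof REPLAY_SAMPLE / sizeof REPLAY_SAMPLE[0];

int main(void) {
    printf("window 1:  %zu of %zu accepted\n",
           replay_run(1, REPLAY_SAMPLE, REPLAY_SAMPLE_LEN), REPLAY_SAMPLE_LEN);
    printf("window 64: %zu of %zu accepted\n",
           replay_run(64, REPLAY_SAMPLE, REPLAY_SAMPLE_LEN), REPLAY_SAMPLE_LEN);
    return 0;
}
```

With a window of 1 the late packet 3 is rejected as "too old" the moment 4 has been seen, so only 4 of the 7 packets pass; with a window of 64 the reordered 3 is accepted, the replayed 3 is still caught by the bitmap, and 5 pass. The rejection of sequence number 0 is the same in both cases, which is what makes starting the counter at 1 cheap to enforce.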