Re: new ESP spec (bigger message)
Dan,
>> 2.4 Payload Data
<SNIP! SNIP!>
>This isn't a real problem for IPv6. The reason for the 8-byte alignment
>drive in IPv6 was to make fast-path processing faster. (Those of us with
>UltraSPARC appreciate this.) Since ESP is already beating down the slow
>path, this isn't as huge of a deal as one might think at first. Also, a
>properly formed IPv6 datagram will be 8-byte aligned once you strip out the
>ESP cruft after decryption.
>
>There's always crypto-algorithm alignment issues, but I leave those to the
>crypto wizards.
Good to hear that view from an IPv6 perspective, but we are crypto people too!
>> 3.2.4.3 Authentication Algorithms
<SNIP! SNIP!>
>Is the HMAC truncated for use in ESP?!? I hadn't heard any movement to do
>so, but I sometimes miss these things.
We were going for consistency here. There's no reason to believe that if
96 bits is good enough for authentication/integrity in AH that it isn't
good enough for the same services in ESP.
Steve