[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: another padding question ...



> From: Stephen Kent <kent@bbn.com>
> 	I've reworded the padding field text as per my earlier message, to
> make padding content algorithm/mode specific.  However, Bill also has
> suggested that padding be used to ensure that the Auth Data field, if
> present, be aligned on an 8-byte boundary.   Previously published transform
> I-Ds for ESP do not call for 64 bit alignment, but rather refer to
> "approrpiate alignment"  when discussing padding.

yeah, those are the weasel words so that IPv4 has 32-bit alignment, and
IPv6 has 64-bit alignment.

It would be easier for the implementors to always have 64-bit alignment.
It would be nice if we could only have one test instead of two.  Please!


> In fact, the suggestion of
> requiring 8-byte alignment for the start of the Payload was not adopted.

I beg to differ!  SPI || Sequence == 64-bits.

We rejected the Hughes draft with SPI || IV || Sequence, partly because
the 64-bit IV wasn't aligned.  As well as the fact that it didn't make
sense to have an algorithm specific field mixed in with the generic
fields, of course.

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2


Follow-Ups: