[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DES-CBC "interface" shim

To: William Allen Simpson <wsimpson@greendragon.com>
Subject: Re: DES-CBC "interface" shim
From: Stephen Kent <kent@bbn.com>
Date: Fri, 30 May 1997 12:28:36 -0400
Cc: ipsec@tis.com
In-Reply-To: <5957.wsimpson@greendragon.com>
Sender: owner-ipsec@ex.tis.com

Bill,

A couple of comments on your DES-CBC "shim" document (which we're calling
"algorithm" documents in the AH and ESP I-Ds):

	- I'd suggest rewording the IV section to make it clear that the
IVs used here are not carried explicitly in the ESP packet, but are
constructed from values elsewhere in the ESP packet format, what the ESP
I-D refers to as an "implicit" IV.   Also, I hope your insistance on always
including the sequence number field, wasting 4 bytes in the IPv4 context if
anti-replay was not enabled, was not motivated by your desire to use it for
IV computation here.

	-I don't see a need to include section 7, on the authentication
data field.

Steve

References:

DES-CBC "interface" shim

From: "William Allen Simpson" <wsimpson@greendragon.com>

Prev by Date: Re: eliminate AH -- unanimous
Next by Date: Don't eliminate AH
Prev by thread: DES-CBC "interface" shim
Next by thread: Re: DES-CBC "interface" shim
Index(es):
- Main
- Thread