[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New draft -- IPSEC AH

To: Karen Seo <kseo@bbn.com>, ipsec@tis.com
Subject: Re: New draft -- IPSEC AH
From: Matt Thomas <matt.thomas@altavista-software.com>
Date: Sat, 31 May 1997 09:25:27 -0400
Cc: ipng@sunroof.eng.sun.com
In-Reply-To: <199705302208.SAA15535@relay.hq.tis.com>
Sender: owner-ipsec@ex.tis.com

>3.2.3.1.2  ICV Computation for IPv6
>
>   In IPv6, the "Hop Limit" field in the IPv6 base header is zeroed
>   prior to performing the ICV calculation.  IPv6 options contain a bit
>   that indicates whether the option might change (unpredictably) during
>   transit.  For any option for which contents may change en-route, the
>   entire "Option Data" field must be treated as zero-valued octets when
>   computing or verifying the ICV.  The Option Type and Opt Data Len are
>   included in the ICV calculation.  All other options are also included
>   in the ICV calculation.  See the IPv6 specification [DH95] for more
>   information.

I think that we need to exclude (e.g. treat as zero) the flow-label and
priority/reserved bits as well, especially if they are allowed to be
changed inflight.  [Since the version field is constant I'd exclude that
as well so the first 32 bits of the IPv6 header are treated as zeroes.]

Comments?


-- 
Matt Thomas                    Internet:   matt.thomas@altavista-software.com
Internet Locksmith             WWW URL:    <coming eventually>
AltaVista Internet Software    Disclaimer: This message reflects my own
Littleton, MA                              warped views, etc.

References:

New draft -- IPSEC AH

From: Karen Seo <kseo@bbn.com>

Prev by Date: Re: another padding question ...
Next by Date: Re: eliminate AH -- unanimous
Prev by thread: New draft -- IPSEC AH
Next by thread: New draft -- IPSEC ESP
Index(es):
- Main
- Thread