Re: Perplexed by padding values (was "padding values")

> From: Bob Monsour <rmonsour@hifn.com>
> For those of us trying to implement somewhat flexible hardware to support a
> variety of security protocols, including padding options/modes, this kind
> of tweak matters. I propose that we do as DESE does and start with a value
> of '1' unless there is a compelling security argument to be made.

A very important point.  I had not considered that folks would want to
do the padding computation in hardware.

The PPP Self-Describing-Pad starts at 1 because it has no trailing
pad-length field.  The internal values need to be interpretable in
the presence of variable trailing checksums in the framing.  Also, we
went to great lengths to avoid adding an additional block in as many
cases as possible, by excluding blocks ending in zero or a value > 8.
So, PPP values are optimal and cannot be changed.

I will make the change in my IPSec drafts.  Thanks.

    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
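
The padding rule described in the message above, as an added example that is not part of the original post or of any draft it mentions: pad octets count up from 1, there is no trailing pad-length field, and an already aligned block gets no extra block when its last octet is 0 or greater than 8. The 8-octet block size, the function names, the receiver-side sequence check and the sample inputs are assumptions made for illustration.

```python
BLOCK = 8  # assumed block size (DES); also the largest legal pad value


def sdp_pad(data: bytes) -> bytes:
    """Pad to a multiple of BLOCK with octets 1, 2, 3, ... and no length field."""
    short = -len(data) % BLOCK
    if short == 0:
        # Already aligned. A final octet of 0 or > BLOCK can never be read
        # as padding, so the data goes out unchanged. A final octet in
        # 1..BLOCK would be ambiguous, so a whole extra block is added.
        if data and not 1 <= data[-1] <= BLOCK:
            return data
        short = BLOCK
    return data + bytes(range(1, short + 1))


def sdp_unpad(padded: bytes) -> bytes:
    """Strip a self-describing pad; the final octet says how much to remove."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= BLOCK:
        return padded  # final octet is 0 or > BLOCK: nothing was added
    # Added check (assumption): the pad must be exactly 1, 2, ..., n.
    if padded[-n:] != bytes(range(1, n + 1)):
        raise ValueError("malformed self-describing pad")
    return padded[:-n]


def octets_added(data: bytes) -> int:
    """How many pad octets the sender appends for this plaintext."""
    return len(sdp_pad(data)) - len(data)


if __name__ == "__main__":
    # Constructed samples: unaligned, aligned ending in 0, aligned ending
    # in a value > 8, and aligned ending in an ambiguous value (3).
    for sample in (b"ABCDE", b"ABCDEFG\x00", b"ABCDEFG\x09", b"ABCDEFG\x03"):
        padded = sdp_pad(sample)
        assert sdp_unpad(padded) == sample
        print(sample.hex(), "->", padded.hex(), f"(+{octets_added(sample)})")
```
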