[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

padding questions

In the new new new ESP draft (draft-ietf-ipsec-esp-04) in section 2.4 it
talks about padding.

For an encryption scheme such as DES you need padding, so the (DES)
document for ESP would have to talk about it's padding requirements.  There
are also requirements from the hardware community about what the padding
values are (for DES/3DES chips.)  So I guess the DES document will have to
be updated.

However, the document also suggests padding could be used to assist in
hiding the true payload length, or for boundry conditions.  For example I
could take a 9 byte payload, add 5 bytes of pad (9 payload + 5 pad + 1
pad-length + 1 next-payload = 16 which is divisible by 8)  But could I send
the same packet padded with 21 bytes, i.e. throw in two more pad 'blocks'
for obscurity?

What if I use a non-block oriented encryption scheme such as ARCFOUR?  It
seems to me that to a civil implementation might want to pad to 8-byte
boundries for politeness (and IPv6, etc.) Does this mean ALL encryption
algorithm documents that accompany this MUST describe padding?  Otherwise
where do you document how to set the pad bytes