
padding questions



In the new new new ESP draft (draft-ietf-ipsec-esp-04) in section 2.4 it
talks about padding.

For an encryption scheme such as DES you need padding, so the (DES)
document for ESP would have to talk about its padding requirements.  There
are also requirements from the hardware community about what the padding
values are (for DES/3DES chips.)  So I guess the DES document will have to
be updated.

However, the document also suggests padding could be used to assist in
hiding the true payload length, or for boundary conditions.  For example I
could take a 9 byte payload, add 5 bytes of pad (9 payload + 5 pad + 1
pad-length + 1 next-payload = 16 which is divisible by 8).  But could I send
the same packet padded with 21 bytes, i.e. throw in two more pad 'blocks'
for obscurity?

What if I use a non-block oriented encryption scheme such as ARCFOUR?  It
seems to me that a civil implementation might want to pad to 8-byte
boundaries for politeness (and IPv6, etc.)  Does this mean ALL encryption
algorithm documents that accompany this MUST describe padding?  Otherwise
where do you document how to set the pad bytes
(random/0-origin/1-origin/constant)?
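
The arithmetic in the message above, as an added example that is not part of the original post or of any ESP draft: it builds and strips the trailer (pad, one-byte pad-length, one-byte next-payload) for the minimum pad and for extra pad blocks. The function names, the `fill` labels and the next-payload value 6 are assumptions made for illustration.

```python
import os

PAD_LEN_MAX = 255  # pad-length is a single byte, so at most 255 pad bytes

def pad_length(payload_len, align=8, extra_blocks=0):
    """Pad so payload + pad + pad-length + next-payload is a multiple of align."""
    minimum = -(payload_len + 2) % align          # 9-byte payload, align 8 -> 5
    total = minimum + extra_blocks * align        # extra blocks hide the true length
    if total > PAD_LEN_MAX:
        raise ValueError("pad does not fit in the one-byte pad-length field")
    return total

def pad_bytes(n, fill="1-origin"):
    """The four fill choices the post lists (labels are this example's own)."""
    if fill == "1-origin":
        return bytes(range(1, n + 1))             # 1, 2, 3, ...
    if fill == "0-origin":
        return bytes(range(n))                    # 0, 1, 2, ...
    if fill == "constant":
        return bytes(n)                           # all zero
    if fill == "random":
        return os.urandom(n)
    raise ValueError(f"unknown fill {fill!r}")

def add_trailer(payload, next_payload, align=8, extra_blocks=0, fill="1-origin"):
    """Sender side: plaintext to hand to the cipher (block or stream)."""
    n = pad_length(len(payload), align, extra_blocks)
    return payload + pad_bytes(n, fill) + bytes([n, next_payload])

def strip_trailer(plaintext, fill=None):
    """Receiver side: works for any pad length the sender chose."""
    if len(plaintext) < 2:
        raise ValueError("no room for pad-length and next-payload")
    n, next_payload = plaintext[-2], plaintext[-1]
    if n > len(plaintext) - 2:
        raise ValueError("pad-length exceeds packet")
    body_end = len(plaintext) - 2 - n
    pad = plaintext[body_end:len(plaintext) - 2]
    # Only deterministic fills can be checked; random pad is accepted as-is.
    if fill in ("1-origin", "0-origin", "constant") and pad != pad_bytes(n, fill):
        raise ValueError("unexpected pad contents")
    return plaintext[:body_end], next_payload

if __name__ == "__main__":
    payload = b"A" * 9                            # constructed 9-byte payload
    for extra in (0, 2):
        pkt = add_trailer(payload, 6, extra_blocks=extra)
        print(extra, pkt[-2], len(pkt), strip_trailer(pkt, "1-origin"))
```

With `align=1` the same code gives a zero-length pad, which is the unpadded stream-cipher case the message asks about.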


