[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-ietf-ipsec-ciph-des-derived-00
On Wed, 23 Jul 1997, William Allen Simpson wrote:
> > Page 6, Pad Values, Range: Should be 1 to 255.
> >
> No, please read in context. The value is the _configured_ maximum
> amount of padding to generate and check. Zero (0) means no checking.
> For DES, when checking is enabled, the required value is 7, generating
> and checking 0-7 bytes of padding. More than 7 are allowed. Therefore,
> the configuration range is 7 to 255.
>
> This section was designed to complement the text that the WG asked to be
> added to the ESP draft. I will check the ESP draft to ensure that it
> includes the necessary explanation.
Since there are really two independent attributes here, I propose replacing
this parameter with the following two:
Pad Checking
New implementations use verifiable values. However, some earlier
implementations used pseudo-random values. This check must only
be used with those peers that have implemented this feature.
Default: 0 (checking off). Range: 0 to 1 (checking on).
Maximum Pad Length
Some operations desire additional padding to inhibit traffic analysis.
Default: 7. Range: 7 to 255.
Norm
Norman Shulman Secure Computing Canada
Systems Developer Tel 1 416 813 2075
norm@tor.securecomputing.com Fax 1 416 813 2001
References: