
Re: draft-ietf-ipsec-ciph-des-derived-00



On Wed, 23 Jul 1997, William Allen Simpson wrote:

> > Page 6, Pad Values, Range: Should be 1 to 255.
> >
> No, please read in context.  The value is the _configured_ maximum
> amount of padding to generate and check.  Zero (0) means no checking.
> For DES, when checking is enabled, the required value is 7, generating
> and checking 0-7 bytes of padding.  More than 7 are allowed.  Therefore,
> the configuration range is 7 to 255.
> 
> This section was designed to complement the text that the WG asked to be
> added to the ESP draft.  I will check the ESP draft to ensure that it
> includes the necessary explanation.

Since there are really two independent attributes here, I propose replacing
this parameter with the following two:

   Pad Checking
      New implementations use verifiable values.  However, some earlier
      implementations used pseudo-random values.  This check must only
      be used with those peers that have implemented this feature.

      Default: 0 (checking off).  Range: 0 to 1 (checking on).

   Maximum Pad Length
      Some operations desire additional padding to inhibit traffic analysis.

      Default: 7.  Range: 7 to 255.

Norm

                    Norman Shulman      Secure Computing Canada
     	         Systems Developer      Tel 1 416 813 2075
      norm@tor.securecomputing.com      Fax 1 416 813 2001
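
The two proposed attributes, sketched as an added Python example that is not part of the original message or of the draft. Assumptions: an ESP-style trailer of a Pad Length byte followed by a next-header byte, "verifiable values" meaning the counting sequence 1, 2, ..., n, and a receiver that rejects pad lengths above its configured maximum; the names `pad` and `unpad` are hypothetical.

```python
import os

BLOCK = 8      # DES block size in bytes
TRAILER = 2    # Pad Length byte + next-header byte (assumed ESP-style layout)


def pad(payload: bytes, next_header: int, max_pad_len: int = 7,
        extra_blocks: int = 0, verifiable: bool = True) -> bytes:
    """Append padding and trailer so the result is a multiple of BLOCK."""
    if not 7 <= max_pad_len <= 255:
        raise ValueError("Maximum Pad Length must be 7..255")
    n = -(len(payload) + TRAILER) % BLOCK      # minimum padding: 0..7 bytes
    # Optional extra whole blocks to inhibit traffic analysis, capped by config.
    n += BLOCK * min(extra_blocks, (max_pad_len - n) // BLOCK)
    # Assumption: "verifiable values" are the counting sequence 1, 2, ..., n.
    # Earlier implementations (verifiable=False) send pseudo-random bytes.
    fill = bytes(range(1, n + 1)) if verifiable else os.urandom(n)
    return payload + fill + bytes([n, next_header])


def unpad(plaintext: bytes, pad_checking: int = 0, max_pad_len: int = 7):
    """Strip padding; return (payload, next_header) or raise ValueError."""
    if len(plaintext) < TRAILER or len(plaintext) % BLOCK:
        raise ValueError("decrypted length is not a whole number of blocks")
    n, next_header = plaintext[-2], plaintext[-1]
    if n > len(plaintext) - TRAILER:
        raise ValueError("pad length exceeds packet")
    # Assumption: the receiver refuses more padding than its configured maximum.
    if n > max_pad_len:
        raise ValueError("pad length exceeds Maximum Pad Length")
    end = len(plaintext) - TRAILER - n
    # Pad Checking = 1 only works against peers that send verifiable values.
    if pad_checking and plaintext[end:-TRAILER] != bytes(range(1, n + 1)):
        raise ValueError("pad values failed verification")
    return plaintext[:end], next_header


if __name__ == "__main__":
    new_peer = pad(b"hello", 6)                      # verifiable padding
    old_peer = b"hello" + b"\xaa" + bytes([1, 6])    # constructed legacy packet
    print(unpad(new_peer, pad_checking=1))
    print(unpad(old_peer, pad_checking=0))           # accepted, unchecked
```

With Pad Checking set to 1, the constructed legacy packet above is rejected, which is why the check has to be a per-peer setting independent of Maximum Pad Length.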





