
Re: Sequence Number field for manually configured SAs




Steve,

As you noted, the ESP I-D and the Metzger-Simpson I-D (DES-CBC with derived
IV) are not consistent, although the ESP and AH I-Ds are internally
consistent.  When we cited the M-S I-D as the specification for the default
encryption algorithm, we did so very quickly, to get the ESP I-D out, and
we failed to look closely enough at the old RFC and the new I-D to note
this problem.  Several messages have recently been exchanged about the pros
and cons of using the sequence number as an IV.  The ESP text is clear on
what to do at sender and receiver, and the requirements and motivations
are explained.  All of this is based on the assumption that the sequence
number is just a sequence number.  However, when one uses the sequence
number as the basis for an IV, a new set of possible requirements arises,
and that results in the disparity between the ESP I-D and the M-S I-D, and
in the suggestion to manage the sequence number space differently (for
manual vs. automated key management).  The WG has yet to resolve this
issue.  Stay tuned.

Steve



