
Re: Which comes first?



Folks

[From discussion between Roy Pereira and Ben Rogers...]

>>The cipher key always gets the first <x> number of bits, where <x>
>>represents the number of bits for its key.
>>
>>This is stated in other ESP cipher algorithm documents, but it also
>>should be stated in the main ESP document as well.

        How does the text below sound?

Thanks,
Karen

==============================================================================

Please note that in response to comments received on the currently
posted draft, we've re-organized the Processing section to make the
inbound and outbound sections more parallel to each other, consolidate
the algorithms text, etc.  The not-yet-posted Processing section looks
like:
        3. Encapsulating Security Protocol Processing
           3.1  ESP Header Location
           3.2  Algorithms
              3.2.1  Encryption Algorithms
              3.2.2  Authentication Algorithms
           3.3  Outbound Packet Processing
              3.3.1  Security Association Lookup
              3.3.2  Packet Encryption
              3.3.3  Sequence Number Generation
              3.3.4  Integrity Check Value Calculation
              3.3.5  Fragmentation
           3.4  Inbound Packet Processing
              3.4.1  Reassembly
              3.4.2  Security Association Lookup
              3.4.3  Sequence Number Verification
              3.4.4  Integrity Check Value Verification
              3.4.5  Packet Decryption

We propose to add the following text to section 3.2 before 3.2.1 and
3.2.2:

        "If both encryption and authentication services are selected,
        then the encryption key is taken from the first (left-most,
        high-order) bits and the authentication key is taken from the
        remaining bits.  The number of bits for each is defined in the
        relevant transforms."
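
[Added example, not part of the original message or of the ESP draft: a sketch of the key split the proposed text describes, and of why both peers must agree on the order. The function names, the 64/160-bit sizes, the sample keying material and the use of HMAC-SHA-1 as the integrity check are assumptions made for illustration.]

```python
# Added illustration; all names, sizes and sample data are hypothetical.
import hashlib
import hmac
from typing import NamedTuple


class EspKeys(NamedTuple):
    encryption: bytes
    authentication: bytes


def split_keymat(keymat: bytes, enc_bits: int, auth_bits: int) -> EspKeys:
    """Encryption key = first (left-most, high-order) bits; authentication
    key = the bits that follow. Sizes come from the negotiated transforms."""
    if enc_bits <= 0 or auth_bits <= 0:
        raise ValueError("both services selected, so both sizes must be positive")
    if enc_bits % 8 or auth_bits % 8:
        # Simplification for this example: whole-byte key sizes only.
        raise ValueError("key sizes must be multiples of 8 bits")
    enc_len, auth_len = enc_bits // 8, auth_bits // 8
    if len(keymat) < enc_len + auth_len:
        # Never pad or reuse bits to make up a short key.
        raise ValueError("keying material shorter than enc_bits + auth_bits")
    # Assumption: any surplus keying material past both keys is ignored.
    return EspKeys(keymat[:enc_len], keymat[enc_len:enc_len + auth_len])


def split_keymat_wrong_order(keymat: bytes, enc_bits: int, auth_bits: int) -> EspKeys:
    """A peer that (incorrectly) takes the authentication key first."""
    auth, enc = split_keymat(keymat, auth_bits, enc_bits)
    return EspKeys(enc, auth)


def icv(auth_key: bytes, packet: bytes) -> bytes:
    # HMAC-SHA-1 is only a stand-in integrity algorithm for this demo.
    return hmac.new(auth_key, packet, hashlib.sha1).digest()


# Constructed sample: 64-bit encryption key + 160-bit authentication key.
KEYMAT = bytes(range(28))
PACKET = b"constructed ESP payload"


def peers_interoperate(receiver_split) -> bool:
    """True if the receiver's split yields an ICV matching the sender's."""
    sender = split_keymat(KEYMAT, 64, 160)
    receiver = receiver_split(KEYMAT, 64, 160)
    return hmac.compare_digest(icv(sender.authentication, PACKET),
                               icv(receiver.authentication, PACKET))
```

[With the same keying material, a receiver that splits in the other order computes a different integrity check value, so every packet from the sender fails verification.]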