Re: Which comes first?
Folks
[From discussion between Roy Pereira and Ben Rogers...]
>>The cipher key always gets the first <x> number of bits, where <x>
>>represents the number of bits for its key.
>>
>>This is stated in other ESP cipher algorithm documents, but it also
>>should be stated in the main ESP document as well.
How does the text below sound?
Thanks,
Karen
==============================================================================
Please note that in response to comments received on the currently
posted draft, we've re-organized the Processing section to make the
inbound and outbound sections more parallel to each other, consolidate
the algorithms text, etc. The not-yet-posted Processing section looks
like:
3. Encapsulating Security Protocol Processing
   3.1 ESP Header Location
   3.2 Algorithms
      3.2.1 Encryption Algorithms
      3.2.2 Authentication Algorithms
   3.3 Outbound Packet Processing
      3.3.1 Security Association Lookup
      3.3.2 Packet Encryption
      3.3.3 Sequence Number Generation
      3.3.4 Integrity Check Value Calculation
      3.3.5 Fragmentation
   3.4 Inbound Packet Processing
      3.4.1 Reassembly
      3.4.2 Security Association Lookup
      3.4.3 Sequence Number Verification
      3.4.4 Integrity Check Value Verification
      3.4.5 Packet Decryption
We propose to add the following text to section 3.2 before 3.2.1 and
3.2.2:
"If both encryption and authentication services are selected,
then the encryption key is taken from the first (left-most,
high-order) bits and the authentication key is taken from the
remaining bits. The number of bits for each is defined in the
relevant transforms."
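
The key split in the proposed text, as an added example that is not part of the original message or of the ESP draft. The function name, the strict length check, right-aligning a key whose size is not a multiple of 8 bits, and the sample sizes are assumptions made for illustration.

```python
def split_esp_keymat(keymat: bytes, enc_bits: int, auth_bits: int):
    """Split SA keying material as the proposed text describes.

    The encryption key is the first (left-most, high-order) enc_bits;
    the authentication key is the remaining auth_bits. Both sizes come
    from the negotiated transforms (passed in here by the caller).
    """
    if enc_bits <= 0 or auth_bits <= 0:
        raise ValueError("key sizes must be positive")

    have = len(keymat) * 8
    need = enc_bits + auth_bits
    # Assumption: refuse a mismatch instead of truncating or padding, so a
    # short or over-long blob never silently produces a weak or shifted key.
    if have != need:
        raise ValueError(f"keying material is {have} bits, transforms need {need}")

    # Read the blob as one big-endian integer: the high-order bits are the
    # left-most bits, so the encryption key is what is left after shifting
    # the authentication key's bits off the low end.
    n = int.from_bytes(keymat, "big")
    enc = n >> auth_bits
    auth = n & ((1 << auth_bits) - 1)

    # Assumption: a key that is not a whole number of bytes is returned
    # right-aligned, with zero bits in front.
    return (enc.to_bytes((enc_bits + 7) // 8, "big"),
            auth.to_bytes((auth_bits + 7) // 8, "big"))


# Constructed sample: 24 bytes 00..17, a 64-bit encryption key followed by
# a 128-bit authentication key (sizes chosen for the example only).
SAMPLE_KEYMAT = bytes(range(24))

if __name__ == "__main__":
    enc_key, auth_key = split_esp_keymat(SAMPLE_KEYMAT, 64, 128)
    print("encryption key    :", enc_key.hex())
    print("authentication key:", auth_key.hex())
```

Two peers that disagree on the order derive different keys from the same material, which shows up as failed integrity checks on every inbound packet.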