[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ottawa bakeoff feedback] problem with ESP Padding

To: "C. Harald Koch" <chk@utcc.utoronto.ca>
Subject: Re: [Ottawa bakeoff feedback] problem with ESP Padding
From: Bob Monsour <rmonsour@hifn.com>
Date: Thu, 25 Sep 1997 13:10:47 -0700
Cc: smamros@newoak.com (Shawn Mamros), Rodney Thayer <rodney@sabletech.com>, ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

At 10:27 AM 9/25/97 -0400, C. Harald Koch wrote:
[snip]
>Agreed. This change breaks every single implementation for negligible gain. 
>
>Can we *please* get these documents stable and published?

Also agreed -- strongly. 

As one of the hardware vendors in question, we're building a chip that
generates padding automatically on compression/encryption/authentication
processing and we strip it off automatically on the receive side of things.
We support multiple padding modes, but don't output the sequence as
currently specified in the ESP draft. We have a mode that outputs the
incrementing scheme, but the pad length value output is equal to the value
of the last pad byte. 

We have another padding mode that puts out the correct number of bytes of
padding AND the correct value of the pad length byte, but if the values are
checked on the receiver side, then the check will fail. The pad byte values
are equal to the value of the pad length byte. 

The ESP draft specifies the incrementing pad scheme as its default (and the
DES & 3DES drafts defer to the ESP draft for padding requirements). The ESP
draft states "When this padding scheme is employed, the receiver SHOULD
inspect the Padding field."

A SHOULD is defined as follows (per rfc2119):
   SHOULD   This word, or the adjective "RECOMMENDED", mean that there
   may exist valid reasons in particular circumstances to ignore a
   particular item, but the full implications must be understood and
   carefully weighed before choosing a different course.

As you all probably recall (perhaps with some pain), there was a debate on
the value of well-defined padding bytes versus "random" padding bytes. I
don't wish to re-engage that debate (nor do I fully understand the
implications). I leave it to the implementors to decide on how to interpret
the "SHOULD inspect the Padding field" specification.

Bottom line, I am strongly in favor of *NOT* changing the ESP draft and
wanted to implementation community to be aware of this issue.

Thanks for listening.

-Bob

Prev by Date: Re: change in isakmp/oakley
Next by Date: Re: [Ottawa bakeoff feedback] problem with ESP Padding
Prev by thread: Re: [Ottawa bakeoff feedback] problem with ESP Padding
Next by thread: Re: [Ottawa bakeoff feedback] problem with ESP Padding
Index(es):
- Main
- Thread