Re: AH/ESP Last Call Results
At 01:18 AM 10/28/97 -0500, Theodore Y. Ts'o wrote:
[snip]
>RESOLVED
[snip]
>ESP Only
>--------
>2. Clarify how inbound processing of encryption "Padding" field is
> handled. Change...
>
> From: (3.4.5 Packet Decryption)
> The receiver:
> ......
> 2. removes/ignores any padding
> ......
>
> To:
> The receiver:
> ......
> 2. processes any padding as specified in the encryption
> algorithm specification. The default action is to remove/ignore
> any padding.
While not a major issue, this is not quite consistent with the text in the
Padding definition in section 2.4, where it says:
    If Padding bytes are needed but the encryption algorithm does not
    specify the padding contents, then the following default processing
    MUST be used. The Padding bytes are initialized with a series of
    (unsigned, 1-byte) integer values. The first padding byte appended
    to the plaintext is numbered 1, with subsequent padding bytes making
    up a monotonically increasing sequence: 1, 2, 3, ... When this
    padding scheme is employed, the receiver SHOULD inspect the Padding
    field.
The inconsistency has to do with the "SHOULD inspect" part; the
remove/ignore is not the default action. I'd suggest removing the "SHOULD
INSPECT" and replacing it with a default of remove/ignore.
Regards,
-Bob
----------------------------------------------------------------
Bob Monsour Hi/fn Inc.
rmonsour@hifn.com 2105 Hamilton Avenue
408-558-8065 Suite 230
408-558-8074 fax San Jose, CA 95125
----------------------------------------------------------------
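The two receiver behaviours discussed in the message above ("SHOULD inspect" versus remove/ignore), as an added C example that is not part of the original message or of the draft. The function name, return codes and sample buffers are assumptions made for illustration; the trailer layout (Padding, Pad Length, Next Header) is ESP's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical error codes for this example. */
#define ESP_PAD_TRUNCATED (-1L)  /* trailer missing or Pad Length too large */
#define ESP_PAD_MISMATCH  (-2L)  /* padding is not 1, 2, 3, ... */

/*
 * buf holds decrypted ESP data: payload | Padding | Pad Length | Next Header.
 * inspect != 0: verify the default 1, 2, 3, ... contents ("SHOULD inspect").
 * inspect == 0: remove/ignore the padding without reading it.
 * Returns the payload length with the trailer stripped, or a negative code.
 */
long esp_strip_padding(const uint8_t *buf, size_t len, int inspect)
{
    if (len < 2)
        return ESP_PAD_TRUNCATED;
    size_t pad_len = buf[len - 2];          /* Pad Length field */
    if (pad_len > len - 2)
        return ESP_PAD_TRUNCATED;           /* bound check applies in both modes */
    const uint8_t *pad = buf + (len - 2 - pad_len);
    if (inspect)
        for (size_t i = 0; i < pad_len; i++)
            if (pad[i] != (uint8_t)(i + 1))
                return ESP_PAD_MISMATCH;
    return (long)(len - 2 - pad_len);
}

/* Constructed samples: 10 payload bytes, 4 padding bytes, Pad Length 4, Next Header 6. */
static const uint8_t sample_good[16] = {'h','e','l','l','o','w','o','r','l','d', 1, 2, 3, 4, 4, 6};
static const uint8_t sample_bad[16]  = {'h','e','l','l','o','w','o','r','l','d', 1, 2, 9, 4, 4, 6};
/* Constructed sample whose Pad Length (9) exceeds the bytes present. */
static const uint8_t sample_short[4] = {0xAA, 0xBB, 9, 6};

int main(void)
{
    printf("good,  inspect: %ld\n", esp_strip_padding(sample_good, 16, 1));
    printf("bad,   inspect: %ld\n", esp_strip_padding(sample_bad, 16, 1));
    printf("bad,   ignore:  %ld\n", esp_strip_padding(sample_bad, 16, 0));
    printf("short, ignore:  %ld\n", esp_strip_padding(sample_short, 4, 0));
    return 0;
}
```

The altered padding byte in `sample_bad` is reported only when `inspect` is set; with remove/ignore the same buffer yields the same payload length as the unaltered one.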