
Re: kent



Srinu,

>With respect to the draft-ietf-ipsec-esp-v2-04.txt
>
>2.4  Padding (for Encryption)
>
>Several factors require or motivate use of the Padding field.
>
>(case 1)
>o If an encryption algorithm is employed that requires the
>  plaintext to be a multiple of some number of bytes, e.g., the
>  block size of a block cipher, the Padding field is used to
>  fill the plaintext (consisting of the Payload Data, Pad Length
>  and Next Header fields, as well as the Padding) to the size
>  required by the algorithm.
>
>srinu>> Will the encryption algorithm, which needs a multiple of the block size,
>add padding that also ensures that the resulting ciphertext terminates
>on a 4-byte boundary, i.e. the requirement of the following paragraph (case 2)?
>
>(case2)
>o Padding also may be required, irrespective of encryption
>  algorithm requirements, to ensure that the resulting
>  ciphertext terminates on a 4-byte boundary. Specifically, the
>  Pad Length and Next Header fields must be right aligned within
>  a 4-byte word, as illustrated in the ESP packet format figure
>  above, to ensure that the Authentication Data field (if
>  present) is aligned on a 4-byte boundary.
>
>(case3)
>o Padding beyond that required for the algorithm or alignment
>  reasons cited above, may be used to conceal the actual length
>  of the payload, in support of (partial) traffic flow
>  confidentiality.  However, inclusion of such additional
>  padding has adverse bandwidth implications and thus its use
>  should be undertaken with care.
>
>srinu>> Is there any ordering of the above three cases regarding how to process
>the packet? For example, first process the packet under case 2, then
>case 1 and then case 3.
>
>Srinu>> If we are applying more than one case, is it certain that the pad length
>will not exceed 255 bytes?
>
>The sender MAY add 0-255 bytes of padding.  Inclusion of the Padding
>field in an ESP packet is optional, but all implementations MUST
>support generation and consumption of padding.  The padding
>computation applies to the plaintext portion of the Payload Data,
>exclusive of the IV (if present).
>

In all cases the padding is either the default (described in ESP) or
algorithm-specific (defined in the algorithm).

Steve

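As an added illustration (not code from the draft or from Steve's message), the following works Srinu's three questions through: the block-size requirement (case 1) and the 4-byte alignment (case 2) reduce to a single rounding to lcm(block size, 4), traffic-flow padding (case 3) is added before that rounding, and the result is rejected when it would not fit the one-byte Pad Length field. The function names and sample payloads are my own; the 1, 2, 3, ... sequence is ESP's default padding as Steve refers to it.

```python
from math import gcd

ESP_TRAILER_LEN = 2   # Pad Length (1 byte) + Next Header (1 byte)
MAX_PAD_LEN = 255     # Pad Length is a single byte


def esp_pad_len(payload_len: int, block_size: int, tfc_pad: int = 0) -> int:
    """Padding field length; payload_len excludes the IV, as the draft says.

    Cases 1 and 2 collapse into one rounding: Payload Data + Padding +
    Pad Length + Next Header must be a multiple of both block_size and 4,
    i.e. of lcm(block_size, 4).  Case 3 (tfc_pad extra bytes) is added
    first and the alignment re-applied, so all three hold at once.
    """
    if block_size < 1 or tfc_pad < 0:
        raise ValueError("block_size must be >= 1 and tfc_pad >= 0")
    align = block_size * 4 // gcd(block_size, 4)         # lcm(block_size, 4)
    pad = tfc_pad + (-(payload_len + tfc_pad + ESP_TRAILER_LEN)) % align
    if pad > MAX_PAD_LEN:
        raise ValueError(f"{pad} bytes of padding do not fit the Pad Length byte")
    return pad


def esp_default_padding(pad_len: int) -> bytes:
    """ESP default padding: the first pad byte is 1, then 2, 3, ..."""
    return bytes(range(1, pad_len + 1))


def build_esp_plaintext(payload: bytes, next_header: int,
                        block_size: int, tfc_pad: int = 0) -> bytes:
    """Sender side: Payload Data || Padding || Pad Length || Next Header."""
    pad_len = esp_pad_len(len(payload), block_size, tfc_pad)
    return payload + esp_default_padding(pad_len) + bytes([pad_len, next_header])


def parse_esp_plaintext(plaintext: bytes) -> tuple:
    """Receiver side: strip the trailer, rejecting a Pad Length that overruns
    the plaintext or padding bytes that do not match the default sequence."""
    if len(plaintext) < ESP_TRAILER_LEN:
        raise ValueError("plaintext shorter than the ESP trailer")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    end = len(plaintext) - ESP_TRAILER_LEN
    if pad_len > end:
        raise ValueError("Pad Length exceeds the plaintext")
    if plaintext[end - pad_len:end] != esp_default_padding(pad_len):
        raise ValueError("padding bytes do not match ESP default padding")
    return plaintext[:end - pad_len], next_header


if __name__ == "__main__":
    # Constructed sample: 100-byte payload, 8-byte block cipher, 51 bytes of TFC padding.
    print(esp_pad_len(100, 8), esp_pad_len(100, 16), esp_pad_len(100, 8, tfc_pad=51))
```

With a 100-byte payload and an 8-byte block cipher the single rounding gives 2 bytes of padding (104 is a multiple of both 8 and 4), so case 1 already delivers case 2 whenever the block size is a multiple of 4; adding 51 TFC bytes yields 58, and a request such as 255 TFC bytes on an empty payload is refused because the combined padding would overflow Pad Length.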


