
ESP Pad byte changes



I was wondering how many implementations are numbering the pad bytes and 
checking the values as indicated in the latest ESP draft.  This seems to be a 
problem that if you check the values, you may not be able to interoperate with 
many ipsec implementations.  I realize this is a 'should' issue, but this
is a low-level detail I don't want to surface to the user to turn on or 
off.  In addition, it is not an attribute that can be negotiated with 
ISAKMP/Oakley.  Is checking the pad numbering strategic, do most implementers 
plan on doing it?  Are most people making this a configurable option?  If it's 
not being done now, are people planning on doing it soon (i.e., 1998)? If it
is not important from a security standpoint to have it, then why is it in 
the draft?

For all the noise made about freezing the drafts, I question the decision
to add this in the last round of changes to ESP.

Just wondering what others thought.

Jackie
-- 
Jacqueline Wilson          | Phn:  (512) 838-2702
IBM, AIX/6000              | Fax:  (512) 838-3509
11400 Burnet Road ZIP 9551 | Ext:  8-2702   Tie-Line:  678
Austin, TX 78758-3493      | inet: jhwilson@austin.ibm.com
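An added illustration, not part of Jackie's message or any implementation mentioned in it: the ESP trailer padding as the draft describes it (pad bytes numbered 1, 2, 3, ...), with a strict receiver check beside a lenient one, so the interoperability concern above can be seen concretely. The block size, sample payload and Next Header value are constructed for the example.

```python
# Added example, not code from the original post. Builds an ESP trailer with
# pad bytes numbered 1, 2, 3, ... as the ESP draft specifies, and compares a
# receiver that checks the numbering with one that only honours Pad Length.
# Block size, payload and Next Header values are constructed for illustration.

def esp_pad(payload: bytes, next_header: int, block_size: int = 8) -> bytes:
    """Append padding, Pad Length and Next Header so the result is block-aligned.

    Padding bytes are the sequence 1, 2, 3, ... per the draft; the two trailer
    bytes (Pad Length, Next Header) count toward the alignment.
    """
    pad_len = (-(len(payload) + 2)) % block_size
    padding = bytes(range(1, pad_len + 1))
    return payload + padding + bytes([pad_len, next_header])


def esp_unpad(data: bytes, strict: bool) -> tuple:
    """Strip the trailer; with strict=True also verify the numbered pad bytes.

    Raises ValueError on a malformed trailer, and in strict mode on padding
    that is not the 1, 2, 3, ... sequence the draft specifies.
    """
    if len(data) < 2:
        raise ValueError("ESP trailer too short")
    pad_len, next_header = data[-2], data[-1]
    if pad_len + 2 > len(data):
        raise ValueError("Pad Length exceeds available data")
    padding = data[-2 - pad_len:-2]
    if strict and padding != bytes(range(1, pad_len + 1)):
        raise ValueError("pad bytes are not the 1, 2, 3, ... sequence")
    return data[:-2 - pad_len], next_header


def interop_check(payload: bytes, next_header: int = 4) -> dict:
    """Pad the same payload per the draft and with zero bytes (as an older
    sender might), and report which receiver modes accept each packet."""
    spec = esp_pad(payload, next_header)
    pad_len = spec[-2]
    legacy = payload + bytes(pad_len) + bytes([pad_len, next_header])
    result = {}
    for name, packet in (("spec", spec), ("zero", legacy)):
        for strict in (False, True):
            try:
                esp_unpad(packet, strict)
                result[(name, strict)] = True
            except ValueError:
                result[(name, strict)] = False
    return result
```

Running interop_check on a payload that needs at least one pad byte shows the point of the question: the zero-padded packet passes a lenient receiver and is rejected only by one that checks the numbering.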


