
Re: AES-CBC draft: Tunnel mode, TTL field of inner header



Hi Peter,

Looks like an oversight in the draft. Thanks for your thorough review -
we'll get this corrected in the next revision.

Scott

peter.mathes@gmx.de wrote:
> 
> Dear all,
> I just came across one point in the Internet Draft "The AES Cipher Algorithm
> and Its Use With IPsec", <draft-ietf-ipsec-ciph-aes-cbc-04.txt>, June 2002
> that made me wonder. In the last two test vectors (7&8) provided with the
> draft, ESP packets in tunnel mode are encrypted with AES-CBC. Although RFC 2401
> specifies in (5.1.2) to decrement the TTL field of the inner header, this is not
> done in the two mentioned test cases:
> 
> ----------------
> Case #7:
> 
> Original packet:
> IP header (20 bytes): 45000054 09040000 4001f988 c0a87b03 c0a87bc8
>                                         ^^
> .
> .
> .
> 
> Pre-encryption Data with original IP header, padding, pad length and
> next header (96 bytes):
> 45000054 09040000 4001f988 c0a87b03 ...
>                   ^^
> 
> ------------------
> 
> And also the ciphertext is based on the plaintext with TTL = 40.
> 
> Mistake? Changes in the specification?
> 
> Thanks,
> Peter Mathes
> 
> --
> GMX - The communication platform on the Internet.
> http://www.gmx.net
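
Added example, not part of the original messages or of the draft: the Python below parses the case #7 inner IP header quoted above, confirms that its TTL byte is 0x40 and that the checksum f988 is valid for it, and computes the header with the TTL decremented by one and the checksum recomputed. The function names are hypothetical, and the decremented header is a calculation made here, not a value taken from any revision of the draft.

```python
import struct

# Inner IP header of test case #7, copied from the quoted message.
CASE7_INNER_HEADER = bytes.fromhex("45000054 09040000 4001f988 c0a87b03 c0a87bc8")


def header_length(packet: bytes) -> int:
    """Return the IPv4 header length in bytes, rejecting truncated input."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("invalid or truncated IPv4 header")
    return ihl


def ipv4_checksum(packet: bytes) -> int:
    """One's-complement sum over the header with the checksum field zeroed."""
    ihl = header_length(packet)
    zeroed = packet[:10] + b"\x00\x00" + packet[12:ihl]
    total = sum(struct.unpack(f"!{ihl // 2}H", zeroed))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ttl_and_checksum(packet: bytes) -> tuple:
    """Return (TTL, stored checksum) from bytes 8 and 10-11 of the header."""
    header_length(packet)
    return packet[8], struct.unpack("!H", packet[10:12])[0]


def decrement_ttl(packet: bytes) -> bytes:
    """Return the packet with TTL reduced by one and the checksum rebuilt."""
    ttl, _ = ttl_and_checksum(packet)
    if ttl <= 1:
        raise ValueError("TTL would reach zero; packet is discarded instead")
    out = bytearray(packet)
    out[8] = ttl - 1
    out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out)))
    return bytes(out)


if __name__ == "__main__":
    ttl, stored = ttl_and_checksum(CASE7_INNER_HEADER)
    print(f"TTL as in the draft: 0x{ttl:02x}, checksum 0x{stored:04x}, "
          f"valid={stored == ipv4_checksum(CASE7_INNER_HEADER)}")
    print("with TTL decremented:", decrement_ttl(CASE7_INNER_HEADER).hex(" ", 4))
```

Because the TTL sits in the first bytes of the plaintext and the checksum changes with it, the first CBC block differs, and with it every ciphertext block that follows in the test vector.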