[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: padding in ESP

To: Lokesh <lokeshnb@intotoinc.com>
Subject: Re: padding in ESP
From: Stephen Kent <kent@bbn.com>
Date: Fri, 15 Nov 2002 17:59:25 -0500
Cc: ipsec@lists.tislabs.com
In-Reply-To: <5.1.0.14.0.20021115120149.023d1ec0@172.16.1.10>
References: <5.1.0.14.0.20021115120149.023d1ec0@172.16.1.10>
Sender: owner-ipsec@lists.tislabs.com

At 12:28 PM +0530 11/15/02, Lokesh wrote:
>Hi all
>One questions each on ESP and AH protocols:
>
>1] why do we need to adjust ESP packet size by padding to be aligned 
>to 4 byte boundary in case of
>null encryption? can we bypass padding for null encryption?
>
>2] AH RFC says ICV can be of variable size, and is normally taken as 
>12 bytes, in case if someone
>wants > 12 bytes of ICV how he/she can intimate other party of new 
>size of the ICV?
>
>Thanks
>Lokesh

The ICV follows the end of the data that is nominally encrypted 
(i.e., the NEXT field in ESP). We want the ICV aligned on a 4-byte 
boundary for ease of access, hence the requirement for the padding to 
be used even in the case of NULL encryption.

Steve

References:
- padding in ESP
  - From: Lokesh <lokeshnb@intotoinc.com>

Prev by Date: Counter Mode Security: Analysis and Recommendations
Next by Date: SIGMA and the cryptographic rationale for IKE exchanges
Prev by thread: Re: padding in ESP
Next by thread: FQDN goes in commonName or domainComponent?
Index(es):
- Date
- Thread