Re: I-D ACTION:draft-ietf-ipsec-esp-v3-04.txt




Hi, Steve,

Since we have a dedicated section 7, Differences from RFC 2406, IMO, it
would be better to list the new requirement for the AES algorithm, and the
removal of the DES and 3DES requirement. This change is pretty important in
the cryptography community.

Page 28-29 the DISCUSSION, since ESN is a new thing, it would be better
to say something about it here. In my understanding, we need to include
ESN higher order bits, if applicable, in the ICV computation. It is
appended just after the possible implicit padding.

              DISCUSSION:

               Begin by removing and saving the ICV field. Next check the
               overall length of the ESP packet minus the ICV field. If
               implicit padding is required, based on the blocksize of the
               integrity algorithm, append zero-filled bytes to the end of
               the ESP packet directly after the Next Header
               field. (**** say something about ESN higher order bits here ***)
               Perform the ICV computation and compare the result
               with the saved value, using the comparison rules defined by
               the algorithm specification.

On page 9 Table 1 and page 10 Table 2:

       Next Header                1        M       Y      Y     cipher[3]
       Seq# (high order bits)     4     if ESN [5]        Y     not xmtd
       ICV Padding             variable if need           Y     not xmtd
       ICV                     variable   M [6]                 plain

Suggest change to the following (swap ESN high order bits and ICV
padding, so that they are consistent with their position when we compute
ICV)

       Next Header                1        M       Y      Y     cipher[3]
       ICV Padding             variable if need           Y     not xmtd
       Seq# (high order bits)     4     if ESN [5]        Y     not xmtd
       ICV                     variable   M [6]                 plain

Thanks,

Jimmy
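
The receive-side check in the quoted DISCUSSION text, with the ESN high-order bits included, as an added example that is not part of the original message or of the draft. It shows that the two field orderings discussed above produce different ICV inputs, so sender and receiver must agree on one. Assumptions: HMAC-SHA-256 truncated to 12 bytes stands in for the integrity algorithm, `BLOCK` is a hypothetical block size chosen to force implicit padding, the comparison is constant-time, and the key and packet bytes are constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # assumption: ICV is HMAC-SHA-256 truncated to 12 bytes
BLOCK = 8      # hypothetical integrity-algorithm block size

def icv_input(esp_no_icv, esn_high=None, esn_after_padding=True):
    """Bytes fed to the integrity algorithm. The implicit padding and the
    ESN high-order bits are included here but never transmitted."""
    esn = b"" if esn_high is None else struct.pack("!I", esn_high)
    if esn_after_padding:
        # Ordering proposed in the message: padding first, then ESN bits.
        pad = b"\x00" * (-len(esp_no_icv) % BLOCK)
        return esp_no_icv + pad + esn
    # Ordering in which the quoted tables list the fields: ESN bits, then padding.
    pad = b"\x00" * (-(len(esp_no_icv) + len(esn)) % BLOCK)
    return esp_no_icv + esn + pad

def compute_icv(key, esp_no_icv, esn_high=None, esn_after_padding=True):
    data = icv_input(esp_no_icv, esn_high, esn_after_padding)
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def verify(key, packet, esn_high=None, esn_after_padding=True):
    """Remove and save the ICV, recompute it, compare in constant time."""
    if len(packet) < 8 + ICV_LEN:   # SPI + low-order Seq# + ICV at minimum
        return False
    body, saved = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = compute_icv(key, body, esn_high, esn_after_padding)
    return hmac.compare_digest(expected, saved)

# Constructed sample: SPI, low-order Seq#, 14 bytes standing in for the
# encrypted payload through Next Header (22 bytes, so padding is needed).
KEY = b"constructed-demo-key"
BODY = struct.pack("!II", 0x1000, 7) + bytes(range(14))
PACKET = BODY + compute_icv(KEY, BODY, esn_high=1)

if __name__ == "__main__":
    print("matching ESN and ordering:", verify(KEY, PACKET, esn_high=1))
    print("wrong ESN high-order bits:", verify(KEY, PACKET, esn_high=2))
    print("other field ordering:     ",
          verify(KEY, PACKET, esn_high=1, esn_after_padding=False))
```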