Re: length of IV in ESP_NULL cipher



At 15:38 -0800 1/8/04, Tarun Ahuja wrote:
>Hi all
>
>What should be the length of the IV in case of NULL cipher when using ESP
>protocol?
>
>As per RFC 2410
>"Because of the stateless nature of the NULL encryption algorithm, it is not
>necessary to transmit an IV or similar cryptographic
>synchronization data on a per packet (or even a per SA) basis".
>
>Which essentially means the length of the IV should be 0 but FreeSWAN uses a
>length of 4 bytes IV (equal to blocksize) for NULL cipher.
>
>-Tarun

If FreeSWAN used an IV length of 4, someone needs to have a talk with 
them. Of course the length should be 0. Anything else is just wasted 
overhead.

Steve
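
Added example, not part of the original thread or of any implementation's code: a minimal ESP packet builder and parser for the NULL cipher following the RFC 2406 field layout, showing the 4 bytes of per-packet overhead a non-zero IV adds and what a receiver expecting a zero-length IV recovers from such a packet. The key, SPI, payload and the choice of HMAC-SHA1-96 for the ICV are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not a real SA key
ICV_LEN = 12                   # assumption: HMAC-SHA1-96 is the SA's integrity algorithm

def _icv(data):
    # ESP integrity covers SPI through Next Header (everything before the ICV).
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]

def build_esp_null(spi, seq, payload, next_header, iv_len=0):
    """NULL encryption: the payload is carried unchanged after an iv_len-byte IV."""
    # Pad so that Pad Length and Next Header end on a 4-byte boundary.
    pad_len = -(iv_len + len(payload) + 2) % 4
    body = (bytes(iv_len) + payload + bytes(range(1, pad_len + 1))
            + bytes([pad_len, next_header]))
    authed = struct.pack("!II", spi, seq) + body
    return authed + _icv(authed)

def parse_esp_null(packet, iv_len=0):
    """Verify the ICV, then strip header, IV, padding and trailer."""
    authed, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(authed)):
        raise ValueError("ICV check failed")
    spi, seq = struct.unpack("!II", authed[:8])
    pad_len, next_header = authed[-2], authed[-1]
    payload = authed[8 + iv_len:len(authed) - 2 - pad_len]
    return spi, seq, next_header, payload

def demo():
    inner = b"constructed inner packet"            # constructed 24-byte payload
    no_iv = build_esp_null(0x1000, 1, inner, 4)    # IV length 0, as RFC 2410 allows
    with_iv = build_esp_null(0x1000, 1, inner, 4, iv_len=4)
    return {
        "overhead_bytes": len(with_iv) - len(no_iv),
        "matched": parse_esp_null(no_iv, iv_len=0)[3],
        # The ICV still verifies, but the IV bytes are read as payload.
        "mismatched": parse_esp_null(with_iv, iv_len=0)[3],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the ICV does not depend on how the receiver interprets the IV, a disagreement about IV length passes the integrity check and only shows up as a shifted inner packet.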