IPsec -- new versions of AH and ESP

[Karen Seo <kseo@bbn.com>]

Title: IPsec -- new versions of AH and ESP

Folks,

Back on 7/25/03, there was an email on the list from "Salekul Islam" re: "Sliding Window Mechanism using ESN in AH".  At the time, we addressed one of the two questions/issues it contained, but overlooked the second, which we just realized in reviewing some old mail.  To address this second issue, we have added a line to the pseudo code in the ESN appendix (see below) for both AH and ESP.

My apologies for this oversight/delay. Please let us know if you have any questions. Thank you,

Karen

From appendix A2.2.  Determining the Higher Order Bits (Seqh) of the Sequence Number

        Else                                    Case B
            If (Seql >= Tl - W + 1)
                Seqh = Th - 1
                If (pass replay check)
                    If (pass integrity check)
                        Set the bit corresponding to Seql
                        Pass packet on
                    Else reject packet
                Else reject packet
            Else

Added->         Seqh = Th

                If (Seql <= Tl)
                    If (pass replay check)
                        If (pass integrity check)
                            Set the bit corresponding to Seql
                            Pass packet on
                        Else reject packet
                    Else reject packet
                Else
                    If (pass integrity check)
                        Tl = Seql (shift bits)
                        Set the bit corresponding to Seql
                        Pass packet on

                    Else reject packet