Sean Turner <[email protected]> wrote: > -------------------------------------- > Type: Technical > Reported by: Michael Bowler <[email protected]>
> Section: 4
> Original Text
> -------------
> In AUTH_AES_GMAC, the AH Authentication Data field consists of the IV
> and the Authentication Tag, as shown in Figure 5. Unlike the usual
> AH case, the Authentication Data field contains both an input to the
> authentication algorithm (the IV) and the output of the
> authentication algorithm (the tag). No padding is required in the
> Authentication Data field, because its length is a multiple of 64
> bits.
> Corrected Text
> --------------
> In AUTH_AES_GMAC, the AH Authentication Data field consists of the IV
> and the Authentication Tag, as shown in Figure 5. Unlike the usual
> AH case, the Authentication Data field contains both an input to the
> authentication algorithm (the IV) and the output of the
> authentication algorithm (the tag). In IPv6, padding of 4 octets is
> required to bring the AH header to a multiple of 64-bits. No padding
> is required for IPv4.
I see. Sounds reasonable.
Too bad the AES_GMAC designers didn't truncate more.
--
Michael Richardson <[email protected]>, Sandelman Software Works
pgpm1zlpkLhCX.pgp
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
