On Fri, 10 Jun 2016, Yoav Nir wrote:

All the algorithms we mention in the draft (AES-CTR, AES-GCM, AES-CCM, 
ChaCha20-Poly1305) require a nonce that is given in the IV field of an ESP 
packet.

For all of those algorithms, the respective RFC recommends using a counter to 
guarantee nonce uniqueness. Yes, you can use an LFSR instead, but a counter is 
simpler.

ESP already has a counter - the packet sequence. If you follow the advice in 
the RFCs the ESP header will look like this:

Ok, now I understand. Thanks.

I'm with Valery about using a new algorithm number. The proposal parser
is already pretty ugly as-is without adding more complexity. It also
allows re-using the existing userland -> kernel infrastructure as no
new options need to be added to that communication layer. Just another
algorithm number.

Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
