Re: [IPsec] Proposal for using Implicit IV for IKE

Michael Richardson Sun, 12 Nov 2017 18:52:47 -0800

Yoav Nir <[email protected]> wrote:
    > Proposal #1:
    > ==========
    > | 24 zero bits | Flags (8 bits) | Message ID (32 bits)|


    > And use IIV only for regular Encrypted Payload, not for Encrypted
    > Fragment. The reasoning is that if you use fragmentation you’ve
    > already solved the message-too-big issue.

    > The Flags octet includes the I(nitiator) and R(esponse) bits, which
    > differentiate the cases that are not related to fragmentation.

    > Proposal #2:
    > ==========
    > | Next Payload (8 bits) | Fragment Counter (16 bits) | Message ID (32
    > bits)|

    > The Fragment Counter is the same as in the RFC 7383 fragment payload,
    > or zero if we are using the regular encrypted payload.

I think that #2 does a better job.

--
Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-

signature.asc
Description: PGP signature

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

Re: [IPsec] Proposal for using Implicit IV for IKE

Reply via email to