Makes sense, thank you for the quick response.

Mike
On Wed, May 28, 2014 at 4:46 PM, Paul Wouters <[email protected]> wrote:

> On Wed, 28 May 2014, Mike C wrote:
>
>> I have a question regarding AES-GCM usage in IPsec, and the impact of the
>> lack of padding. In RFC 4106 section 3 it states that
>> "Implementations that do not seek to hide the length of the plaintext
>> SHOULD use the minimum amount of padding required, which
>> will be less than four octets.". RFC 3602 for AES-CBC usage does not make
>> any comment regarding hiding message length, presumably
>> because the authors are happy at the minimum 16-byte padding?
>>
>> The RFC does not state if implementations should or should not seek to
>> hide the length of the plaintext. I'm curious as to the
>> approach taken by libreswan: Does it use padding > 4 octets, and if so/if
>> not, what's the rationale behind the decision?
>
> We currently do not support AES_GCM for IKE, only for IPsec. So you
> should be looking at the kernel code and kernel people to answer that
> question for you.
>
> We do plan to add AES_GCM support for IKE, most likely in libreswan
> 3.10. Then, your question can be answered by the NSS people.
>
> The fact that the RFC does not state this as a requirement most likely
> means that there was no clear consensus on whether it was a required
> or useful feature or not - people didn't care enough and probably
> thought it was an uninteresting edge case?
>
> Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
