RE: [Ipsec] Query for IPv6 ICV
At 10:44 AM +0100 11/11/04, Grubmair Peter wrote:
Hi, I am not sure if it's really wrong what Windows produces -
as 20 bytes (ICV + padding) + 12 bytes AH gives 32 bytes,
which is a multiple of 8.
So maybe 20 bytes of Windows are 12 bytes ICV + 8 bytes padding.
RFC2402 does not prohibit unnecessary padding.
best regards
Peter
I am sure :-)
I explained the rationale in my message, i.e., the HMAC-MD5-96
RFC specifies that ONLY a 96-bit value is defined by that standard.
So, if one negotiates this integrity algorithm in IKE, the ONLY
acceptable HMAC value to send is one that is exactly 96 bits in
length. Sending the full 128-bit output of HMAC-MD5 violates the
RFC specification.
You are right that the AH RFC does not prohibit unnecessary
padding, but it seems clear that what Windows is doing is
outputting the wrong length HMAC value, then padding that.
Steve
_______________________________________________
Ipsec mailing list
Ipsec at ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
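The length arithmetic discussed in this thread, as an added example that is not part of the original messages: it computes the 96-bit truncated HMAC-MD5 value, the IPv6 alignment padding and the AH Payload Len for a given Authentication Data size, and tells the two readings of a 20-byte field apart. All function names and the key and data values are hypothetical; `data` is assumed to be the exact byte string the sender fed to HMAC, and a match on the digest's last 4 bytes is treated as evidence (not proof) of an untruncated value.

```python
import hashlib
import hmac

AH_FIXED_LEN = 12   # Next Header, Payload Len, Reserved, SPI, Sequence Number
ICV_LEN = 12        # HMAC-MD5-96: only the leftmost 96 bits are defined
MD5_LEN = 16        # untruncated HMAC-MD5 output

def hmac_md5_96(key: bytes, data: bytes) -> bytes:
    """HMAC-MD5 truncated to the leftmost 96 bits."""
    return hmac.new(key, data, hashlib.md5).digest()[:ICV_LEN]

def ipv6_padding(value_len: int) -> int:
    """Padding bytes needed so the whole AH header is a multiple of 8 bytes."""
    return -(AH_FIXED_LEN + value_len) % 8

def payload_len_field(auth_data_len: int) -> int:
    """AH Payload Len: header length in 32-bit words, minus 2."""
    return (AH_FIXED_LEN + auth_data_len) // 4 - 2

def classify_auth_data(auth_data: bytes, key: bytes, data: bytes) -> str:
    """Describe what a received Authentication Data field appears to hold."""
    full = hmac.new(key, data, hashlib.md5).digest()
    if not hmac.compare_digest(auth_data[:ICV_LEN], full[:ICV_LEN]):
        return "icv-mismatch"
    extra = auth_data[ICV_LEN:]
    if not extra:
        return "conformant-96-bit"
    tail = full[ICV_LEN:]  # last 4 bytes of the full 128-bit digest
    # Padding content is chosen by the sender, so extra bytes that equal the
    # rest of the digest point to an untruncated HMAC followed by padding.
    if len(extra) >= len(tail) and hmac.compare_digest(extra[:len(tail)], tail):
        return "untruncated-128-bit-plus-padding"
    return "96-bit-plus-extra-padding"

# Constructed sample values, not taken from any capture.
KEY = b"constructed-test-key"
DATA = b"constructed bytes standing in for the AH-protected input"
FULL = hmac.new(KEY, DATA, hashlib.md5).digest()

if __name__ == "__main__":
    samples = {
        "12-byte field": FULL[:ICV_LEN],
        "20 bytes = 12 ICV + 8 pad": FULL[:ICV_LEN] + bytes(8),
        "20 bytes = 16 HMAC + 4 pad": FULL + bytes(ipv6_padding(MD5_LEN)),
    }
    for name, field in samples.items():
        total = AH_FIXED_LEN + len(field)
        print(name, total, payload_len_field(len(field)),
              classify_auth_data(field, KEY, DATA))
```

A 12-byte ICV already gives a 24-byte AH header, so the IPv6 alignment rule alone never forces a sender to grow the field to 20 bytes.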