Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods

To: ssmurthy.nittala at freescale.com
Subject: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
From: Paul Koning <Paul_Koning at dell.com>
Date: Mon, 11 May 2009 10:59:55 -0400
Cc: ipsec at ietf.org
Delivered-to: ipsec at core3.amsl.com
List-archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: Discussion of IPsec protocols <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <200905111404.n4BE4Nns002222 at az33smr01.freescale.net> <18952.13961.78245.997197 at fireball.kivinen.iki.fi> <200905111446.n4BEk8Xo017104 at az33smr01.freescale.net>

>>>>> "ss" == ss murthy nittala <ssmurthy.nittala at freescale.com> writes:

 ss> The following sentence present in RFC 3602 creates some doubts
 ss> whether IV in each packet is mandatory or not?

 ss> "Including the IV in each datagram ensures that decryption of
 ss> each received datagram can be performed, even when some datagrams
 ss> are dropped, or datagrams are re-ordered in transit."

It's mandatory.  The paragraph you quoted is simply an explanation of
why this is so.

Note the first paragraph of that section, which says "the ESP payload
is made up of the IV followed...".  There isn't any option in that
statement. 

	   paul

References:
- [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
  - From: ss murthy nittala
- [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
  - From: Tero Kivinen
- Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
  - From: ss murthy nittala

Prev by Date: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
Next by Date: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
Previous by thread: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
Next by thread: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
Index(es):
- Date
- Thread

Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.