On Mon, May 11, 2009 at 08:22:05PM +0530, ss murthy nittala wrote: > > The following sentence present in RFC 3602 creates some doubts whether IV > in each packet is mandatory or not? > > "Including the IV in each datagram ensures that decryption of each > received datagram can be performed, even when some datagrams are > dropped, or datagrams are re-ordered in transit."
Nothing vague about it at all! In fact, this paragraph strengthens the argument Tero made in his note: Using the previous cipher-text block is a Bad Idea (TM). An IP datagram is self-contained, and the IV is mandatory because you can't start a CBC decryption without one, and there's no other way to get an IV. Dan _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec