Here's the reason that we do use the 32-bit salt value for GCM - to prevent
batching attacks.
Consider the case that an attacker is able to collect packets from a billion
(2^30) sessions; each such session contains a packet with the same IV (say,
IV=0), and contains a packet with the same
Paul Hoffman writes:
Updates can update very specific text in a draft. Since this just
applies in this special case, the updates text needs to be clearly
worded to reflect that or you copy in all the text that applies
from the other draft.
I do not think the ikev2-null-auth updates the
On Mar 31, 2015, at 1:49 PM, Tero Kivinen kivi...@iki.fi wrote:
Yoav Nir writes:
First is the nonce/IV question: In the current draft, there is a
64-bit IV with guidance not to repeat them (so use a counter or
LFSR). The function itself accepts a 96-bit input nonce, so the
nonce is
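The batching argument Scott Fluhrer opens at the top of the page (2^30 sessions, each carrying a packet under the same IV) and the nonce layout Yoav Nir describes just above (a 64-bit per-packet IV feeding a 96-bit input nonce), as a toy simulation. This is an added example, not code from either message or from the draft under discussion. It assumes the nonce is salt || IV as RFC 4106 does for GCM, swaps the real cipher for a SHA-256 stand-in, shrinks the key to 16 bits and the salt to 8 bits so the search finishes in seconds, and generates the per-SA keys from a fixed seed; all of those are constructed parameters. The point it shows is that one trial encryption is looked up against every captured session at once, and that a secret per-SA salt makes the attacker guess the salt alongside the key.

```python
"""Toy model of the 'batching' (multi-target) key search that a per-SA secret
salt in the AEAD nonce defends against. Added illustration, not code from the
thread; the cipher is replaced by a SHA-256 PRF and the key/salt widths are
shrunk so the search runs in seconds (constructed parameters)."""
import hashlib
import random
from typing import Dict, List, Optional, Tuple

KEY_BITS = 16   # toy; a real AEAD key is 128/256 bits
SALT_BITS = 8   # toy; RFC 4106 GCM uses a 32-bit salt
IV_BITS = 64    # explicit per-packet IV, as in the draft (nonce = salt || IV)


def keystream_block(key: int, salt: int, iv: int) -> bytes:
    """Stand-in for the first keystream block E_key(salt || iv || counter).
    SHA-256 is only a convenient deterministic PRF for the toy."""
    nonce = salt.to_bytes(4, "big") + iv.to_bytes(IV_BITS // 8, "big")
    return hashlib.sha256(key.to_bytes(4, "big") + nonce).digest()[:8]


def make_sessions(n: int, salted: bool, seed: int = 1) -> List[Tuple[int, int]]:
    """n SAs, each with its own secret key and (if salted) secret salt.
    With salted=False every SA uses salt 0, i.e. the nonce is just the IV."""
    rng = random.Random(seed)  # seeded so the demo is reproducible
    return [(rng.getrandbits(KEY_BITS), rng.getrandbits(SALT_BITS) if salted else 0)
            for _ in range(n)]


def observe(sessions: List[Tuple[int, int]], iv: int = 0) -> Dict[bytes, int]:
    """What the attacker collects: one packet per SA carrying the same IV and
    a known plaintext, so the first keystream block of each SA is known.
    Keyed by block so one trial encryption can be checked against all SAs."""
    table: Dict[bytes, int] = {}
    for i, (key, salt) in enumerate(sessions):
        table.setdefault(keystream_block(key, salt, iv), i)
    return table


def batch_search(table: Dict[bytes, int], salted: bool,
                 iv: int = 0) -> Tuple[Optional[Tuple[int, int, int]], int]:
    """Multi-target search: each trial is ONE keystream computation compared
    against every SA via the table. Returns ((sa_index, key, salt), trials).
    If the salt is secret the attacker has to guess it too, multiplying the
    candidate space by 2**SALT_BITS."""
    salt_space = (1 << SALT_BITS) if salted else 1
    trials = 0
    for key in range(1 << KEY_BITS):
        for salt in range(salt_space):
            trials += 1
            hit = table.get(keystream_block(key, salt, iv))
            if hit is not None:
                return (hit, key, salt), trials
    return None, trials


def expected_trials(key_bits: int, salt_bits: int, sessions: int) -> int:
    """Expected trials to break ANY one of `sessions` SAs: 2^(key+salt)/sessions.
    With the numbers from the message (2^30 SAs) and a 128-bit key this is
    2^98 without a salt and 2^130 with a 32-bit secret salt, so the 2^30
    batch advantage is absorbed by the 2^32 salt."""
    return (1 << (key_bits + salt_bits)) // sessions


def run_demo(n_sessions: int = 64, seed: int = 1) -> Dict[str, int]:
    """Run the toy attack against unsalted and salted SAs; return trial counts.
    Raises if a recovered (key, salt) does not really belong to the hit SA."""
    counts: Dict[str, int] = {}
    for label, salted in (("unsalted", False), ("salted", True)):
        sessions = make_sessions(n_sessions, salted, seed)
        hit, trials = batch_search(observe(sessions), salted)
        if hit is None or sessions[hit[0]] != (hit[1], hit[2]):
            raise RuntimeError("toy search failed to recover a real SA key")
        counts[label] = trials
    return counts


if __name__ == "__main__":
    c = run_demo()
    print("toy trials, unsalted: %d   salted: %d" % (c["unsalted"], c["salted"]))
    print("2^30 SAs, 128-bit key: no salt 2^%d, 32-bit salt 2^%d" % (
        expected_trials(128, 0, 1 << 30).bit_length() - 1,
        expected_trials(128, 32, 1 << 30).bit_length() - 1))
```

The toy ratio between the salted and unsalted trial counts is about 2^SALT_BITS whatever the number of sessions, which is the whole effect: batching divides the attacker's work by the number of captured sessions, and a secret salt of w bits multiplies it back by 2^w. With real parameters, 2^30 sessions against a 32-bit salt, the salt more than covers the batch.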
On Mar 30, 2015, at 8:42 PM, Scott Fluhrer (sfluhrer) sfluh...@cisco.com
wrote:
-Original Message-
From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Yoav Nir
Sent: Monday, March 30, 2015 10:40 AM
To: internet-dra...@ietf.org
Cc: ipsec@ietf.org; i-d-annou...@ietf.org
As the primary author of 4301, and the creator of the PAD, I believe this work
does update that section of 4301. I agree with Kathleen that this doc needs to
say precisely what parts of 4301 are being updated, perhaps using a
before/after approach.
Steve
On Apr 1, 2015, at 6:57 PM, Kathleen