Venkatesh Sriram writes: > Section 8.1 of the draft describes the ESP-NULL packet format. While > doing so, it also shows the IV as optional. Now, my question is, that > isnt IV for NULL encryption (integrity only) always 0?
No. In most cases the IV length is 0, but there is AUTH_AES_*_GMAC authentication algorithms where it is 8 bytes, as explained in the draft. > If thats the case then why are we showing the IV in that packet? Because it can be there for those ESP_NULL_AUTH_AES_GMAC algorithms (RFC4543). -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
