On 7/24/20 4:42 PM, Michael Rossberg wrote:
> @William: The 16-bit sender ID is something we already get from protocols like GDOI to do IV space partitioning (details in https://tools.ietf.org/html/rfc6054). So the mistake is already there.
My memory was 8 bits, ludicrously small. Reading more carefully, they illustrated 8 bits, but also specified 12 and 16 bits. But this is an opportunity to do better. Let's not repeat mistakes. In my own area of experience, RDMA for large storage clusters across multiple data centers, you are going to run out quickly. Use existing IP Source header fields to build the IV. Add and xor are sufficiently fast.
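The IV space partitioning discussed in this thread, as an added example that is not part of either message or of any implementation: a sender-ID allocator for a counter-mode group SA, showing where the 8-, 12- and 16-bit sender ID sizes run out. It assumes an 8-octet ESP IV with the sender ID in the high-order bits; `IvPartition`, `capacity` and the exception names are hypothetical.

```python
IV_BITS = 64  # assumption: 8-octet explicit IV, as carried by ESP counter modes


class SidExhausted(Exception):
    """No sender ID left: a new group member cannot be given an IV range."""


class IvExhausted(Exception):
    """A sender used up its counter range and must stop until rekey."""


def capacity(sid_bits):
    """Return (max senders, IVs available to each sender) for a SID width."""
    return 1 << sid_bits, 1 << (IV_BITS - sid_bits)


class IvPartition:
    """Splits the IV into a sender ID (high bits) and a per-sender counter."""

    def __init__(self, sid_bits):
        if sid_bits not in (8, 12, 16):  # the sizes named in the thread
            raise ValueError("unsupported sender ID size")
        self.sid_bits = sid_bits
        self.ctr_bits = IV_BITS - sid_bits
        self.next_sid = 0
        self.counters = {}  # sender ID -> next unused counter value

    def enroll(self):
        """Hand out the next unused sender ID, or fail when the space is full."""
        if self.next_sid >= (1 << self.sid_bits):
            raise SidExhausted(f"all {1 << self.sid_bits} sender IDs in use")
        sid = self.next_sid
        self.next_sid += 1
        self.counters[sid] = 0
        return sid

    def next_iv(self, sid):
        """Return the sender's next IV; never wraps, since a wrap reuses a nonce."""
        ctr = self.counters[sid]
        if ctr >> self.ctr_bits:
            raise IvExhausted(f"sender {sid} has no IVs left under this key")
        self.counters[sid] = ctr + 1
        return ((sid << self.ctr_bits) | ctr).to_bytes(IV_BITS // 8, "big")


if __name__ == "__main__":
    for bits in (8, 12, 16):
        senders, ivs = capacity(bits)
        print(f"{bits:2d}-bit SID: {senders:6d} senders, 2^{ivs.bit_length() - 1} IVs each")
```

Both failure modes are hard stops: a cluster with more members than sender IDs cannot enroll the next one under the same key, and a sender that reaches the end of its counter range needs a rekey before it can send again.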