Scott Fluhrer (sfluhrer) writes:
> No, RFC4106 (June 2005) predated 800-38D (November 2007) by over two years.

Ah, didn't check the dates, and the NIST document didn't really explain the reason behind it; it just said you preferably need to have a 32-bit fixed part.

> Instead, it was inserted to harden the system against multitarget
> attacks, as I said earlier...

Thanks for that explanation. So we do want to keep that, and of course as it is part of the NIST document you might have issues trying to get certifications for your implementations if you do not follow NIST documents. You most likely would still get certification even if you do not follow some RFCs.

-- 
kivi...@iki.fi