Overflowing by another 32 bits is hardly the same as "there was only room for"

-Ekr

On Wed, Mar 9, 2011 at 1:57 AM, Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx> wrote:
> Eric Rescorla <ekr@xxxxxxxx> writes:
>
>>Can you please point to where in IP there is a limit that requires a MAC no
>>greater than 96 bits.
>
> The AH had room for exactly 96 bits of MAC value, any more and it'd have to
> overflow to another 32 bits worth (the size of the non-MAC data is 96 bits and
> the MAC data adds the other 96 bits), see RFC 2402. The original AH used a
> 64-bit data field (RFC 1826) and didn't truncate MD5 (RFC 1828), so it was
> also 192 bits long. With the expansion of the non-MAC data to 96 bits, it was
> necessary to truncate the MAC to keep the same overall size.
>
> Peter.
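
The RFC 2402 AH layout discussed in the thread (96 bits of fixed fields followed by a truncated MAC), as an added example that is not part of the original messages. The function names, key and data are constructed for illustration, HMAC-SHA-1 is an assumed choice of MAC, and the HMAC is computed over a sample byte string rather than the full ICV input RFC 2402 defines.

```python
import hashlib
import hmac
import struct

# Next Header (8) + Payload Len (8) + Reserved (16) + SPI (32) + Sequence Number (32) = 96 bits
FIXED_LEN = 12


def build_ah(next_header, spi, seq, key, data, icv_bits=96, align=4):
    """Pack an AH header in the RFC 2402 layout with a truncated HMAC-SHA-1 ICV.

    data is a constructed stand-in for the bytes the ICV covers.
    align is 4 for IPv4 (32-bit multiple) or 8 for IPv6 (64-bit multiple).
    """
    icv = hmac.new(key, data, hashlib.sha1).digest()[: icv_bits // 8]
    pad = -(FIXED_LEN + len(icv)) % align
    total = FIXED_LEN + len(icv) + pad
    payload_len = total // 4 - 2  # header length in 32-bit words, minus 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return fixed + icv + b"\x00" * pad


def verify_ah(header, key, data, icv_bits=96):
    """Check the length field and the truncated ICV; return True if both match."""
    if len(header) < FIXED_LEN:
        return False
    _nh, payload_len, _rsv, _spi, _seq = struct.unpack("!BBHII", header[:FIXED_LEN])
    if (payload_len + 2) * 4 != len(header):
        return False
    n = icv_bits // 8
    received = header[FIXED_LEN:FIXED_LEN + n]
    expected = hmac.new(key, data, hashlib.sha1).digest()[:n]
    return len(received) == n and hmac.compare_digest(received, expected)


if __name__ == "__main__":
    key = b"constructed-sample-key"      # constructed
    data = b"constructed packet bytes"   # constructed
    for bits in (96, 128, 160):
        for align in (4, 8):
            ah = build_ah(6, 0x1000, 1, key, data, icv_bits=bits, align=align)
            print(f"ICV {bits:3d} bits, {align * 8}-bit alignment: "
                  f"AH is {len(ah) * 8} bits, Payload Len = {ah[1]}")
```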