Eric Rescorla <ekr(_at_)rtfm(_dot_)com> writes:
Can you please point to where in IP there is a limit that requires a MAC no
greater than 96 bits.
The AH had room for exactly 96 bits of MAC value, any more and it'd have to
overflow to another 32 bits worth (the size of the non-MAC data is 96 bits and
the MAC data adds the other 96 bits), see RFC 2402. The original AH used a
64-bit data field (RFC 1826) and didn't truncate MD5 (RFC 1828), so it was
also 192 bits long. With the expansion of the non-MAC data to 96 bits, it was
necessary to truncate the MAC to keep the same overall size.
Peter.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf