RFC 8750

Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating Security Payload (ESP), March 2020

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Status:
PROPOSED STANDARD
Authors:
D. Migault
T. Guggemos
Y. Nir
Stream:
IETF
Source:
ipsecme (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8750

Discuss this RFC: Send questions or comments to ipsec@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

Encapsulating Security Payload (ESP) sends an initialization vector (IV) in each packet. The size of the IV depends on the applied transform and is usually 8 or 16 octets for the transforms defined at the time this document was written. When used with IPsec, some algorithms, such as AES-GCM, AES-CCM, and ChaCha20-Poly1305, take the IV to generate a nonce that is used as an input parameter for encrypting and decrypting. This IV must be unique but can be predictable. As a result, the value provided in the ESP Sequence Number (SN) can be used instead to generate the nonce. This avoids sending the IV itself and saves 8 octets per packet in the case of AES-GCM, AES-CCM, and ChaCha20-Poly1305. This document describes how to do this.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader