RFC 8750
Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating Security Payload (ESP), March 2020
- File formats:
- Also available: XML file for editing
- Status:
- PROPOSED STANDARD
- Authors:
- D. Migault
T. Guggemos
Y. Nir - Stream:
- IETF
- Source:
- ipsecme (sec)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC8750
Discuss this RFC: Send questions or comments to the mailing list ipsec@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 8750
Abstract
Encapsulating Security Payload (ESP) sends an initialization vector (IV) in each packet. The size of the IV depends on the applied transform and is usually 8 or 16 octets for the transforms defined at the time this document was written. When used with IPsec, some algorithms, such as AES-GCM, AES-CCM, and ChaCha20-Poly1305, take the IV to generate a nonce that is used as an input parameter for encrypting and decrypting. This IV must be unique but can be predictable. As a result, the value provided in the ESP Sequence Number (SN) can be used instead to generate the nonce. This avoids sending the IV itself and saves 8 octets per packet in the case of AES-GCM, AES-CCM, and ChaCha20-Poly1305. This document describes how to do this.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.