DOI: https://doi.org/10.17487/RFC8750
Discuss this RFC: Send questions or comments to the mailing list ipsec@ietf.org
Encapsulating Security Payload (ESP) sends an initialization vector (IV) in each packet. The size of the IV depends on the applied transform and is usually 8 or 16 octets for the transforms defined at the time this document was written. When used with IPsec, some algorithms, such as AES-GCM, AES-CCM, and ChaCha20-Poly1305, take the IV to generate a nonce that is used as an input parameter for encrypting and decrypting. This IV must be unique but can be predictable. As a result, the value provided in the ESP Sequence Number (SN) can be used instead to generate the nonce. This avoids sending the IV itself and saves 8 octets per packet in the case of AES-GCM, AES-CCM, and ChaCha20-Poly1305. This document describes how to do this.
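The nonce construction the abstract describes, as an added example that is not part of RFC 8750 or of this page: the 8-octet IV is derived from the ESP Sequence Number instead of being read off the wire. The salt lengths come from RFC 4106, RFC 4309 and RFC 7634; the `Sender` class, the SPI and the salt values are constructed for illustration, and the payload is treated as opaque, already-encrypted bytes.

```python
import struct

# Salt octets taken from keying material, per RFC 4106 / RFC 4309 / RFC 7634.
SALT_LEN = {"aes-gcm": 4, "aes-ccm": 3, "chacha20-poly1305": 4}
IV_LEN = 8  # octets of explicit IV these transforms otherwise carry per packet


def implicit_iv(sn, esn_high=None):
    """Return the 8-octet IV: 32 zero bits + 32-bit SN, or the 64-bit extended SN."""
    high = 0 if esn_high is None else esn_high
    return struct.pack("!II", high, sn)  # raises struct.error if out of range


def build_nonce(transform, salt, sn, esn_high=None):
    """Nonce = salt || IV, with the IV derived rather than transmitted."""
    if len(salt) != SALT_LEN[transform]:
        raise ValueError("wrong salt length for " + transform)
    return salt + implicit_iv(sn, esn_high)


class Sender:
    """Hypothetical per-SA sender state (32-bit SN only, no ESN)."""

    def __init__(self, spi, transform, salt):
        self.spi, self.transform, self.salt = spi, transform, salt
        self.sn = 0

    def next_packet(self, ciphertext_and_icv, explicit_iv=False):
        if self.sn == 0xFFFFFFFF:
            # A wrapped SN would repeat a nonce under the same key: rekey instead.
            raise OverflowError("sequence number exhausted, rekey the SA")
        self.sn += 1
        header = struct.pack("!II", self.spi, self.sn)
        nonce = build_nonce(self.transform, self.salt, self.sn)
        # Explicit-IV layout shown only for the size comparison.
        iv_on_wire = implicit_iv(self.sn) if explicit_iv else b""
        return header + iv_on_wire + ciphertext_and_icv, nonce


def receiver_nonce(packet, transform, salt):
    """Receiver side: recover the nonce from the ESP header alone."""
    _spi, sn = struct.unpack("!II", packet[:8])
    return build_nonce(transform, salt, sn)
```

Because the nonce is a pure function of the salt and the sequence number, uniqueness rests entirely on the sequence number never repeating under one key, which is why the sender refuses to wrap.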
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.