<div dir="ltr"><div><div>Hi,<br><br></div>I have a question regarding AES-GCM usage in IPsec, and the impact of the lack of padding. In RFC 4106 section 3 it states that "Implementations that do not seek to hide the length of the plaintext
SHOULD use the minimum amount of padding required, which will be less
than four octets.". RFC 3602 for AES-CBC usage does not make any comment regarding hiding message length, presumably because the authors are happy at the minimum 16-byte padding?<br><br></div><div>The RFC does not state if implementations should or should not seek to hide the length of the plaintext. I'm curious as to the approach taken by libreswan: Does it use padding > 4 octets, and if so/if not, what's the rationale behind the decision?<br>
<br></div><div>Regards,<br></div><div><br></div>Mike<br></div>