
Replay protection with Manual keying



We were trying to implement HMAC-SHA with replay protection. We support only
manual keying as of now. Are we right in saying that one should not use
replay protection with manual keying?

We came up with this conclusion because of what happens when either the
sender or the receiver crashes. If the sender crashes, when the machine is
rebooted the sequence number starts from 1. However, the receiver does not
know about this and rejects all packets, thinking it is a replay attack. In
manual keying, the SAs are static. The only way to avoid this is to keep
track of the sequence number and make it persistent.

Comments?

-Ron Arbo and Naganand Doraswamy
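
The failure described in the message above, and the persistent-counter workaround it mentions, as an added example that is not part of the original post: a receiver with a sliding anti-replay window and a sender whose counter either restarts at 1 after a crash or resumes from non-volatile storage. The window size, the block-reservation scheme (which goes beyond the post by reserving numbers in blocks rather than writing on every packet) and all names are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#define WINDOW  32u   /* receiver anti-replay window in packets (assumed value) */
#define RESERVE 100u  /* sequence numbers reserved per storage write (assumed) */

struct replay_state { uint32_t last, bitmap; };  /* receiver side of one static SA */
static uint32_t nv_reserved;  /* stand-in for storage that survives a sender crash */

/* Returns 1 if seq is fresh (and records it), 0 if it is rejected as a replay. */
static int replay_check(struct replay_state *r, uint32_t seq)
{
    uint32_t d = seq > r->last ? seq - r->last : r->last - seq;
    if (seq > r->last) {                         /* new highest: slide the window */
        r->bitmap = d < WINDOW ? (r->bitmap << d) | 1u : 1u;
        r->last = seq;
    } else if (seq == 0 || d >= WINDOW || (r->bitmap & (1u << d))) {
        return 0;                                /* too old, or already seen */
    } else {
        r->bitmap |= 1u << d;                    /* late but inside the window */
    }
    return 1;
}

/* First sequence number after (re)boot: 1, or just past what was reserved. */
static uint32_t sender_boot(int persistent) { return persistent ? nv_reserved + 1 : 1; }

static uint32_t sender_next(uint32_t *next, int persistent)
{
    if (persistent && *next > nv_reserved)       /* reserve a block before using it */
        nv_reserved = *next + RESERVE - 1;
    return (*next)++;
}

/* Send `before` packets, crash the sender, send `after` more; count accepted. */
static unsigned run(int persistent, unsigned before, unsigned after)
{
    struct replay_state rx = {0, 0};
    unsigned i, accepted = 0;
    nv_reserved = 0;                             /* fresh storage for this run */
    uint32_t next = sender_boot(persistent);
    for (i = 0; i < before; i++) replay_check(&rx, sender_next(&next, persistent));
    next = sender_boot(persistent);              /* crash, then reboot */
    for (i = 0; i < after; i++) accepted += replay_check(&rx, sender_next(&next, persistent));
    return accepted;
}
int main(void)
{
    printf("volatile counter:   %u of 50 accepted after reboot\n", run(0, 250, 50));
    printf("persistent counter: %u of 50 accepted after reboot\n", run(1, 250, 50));
    return 0;
}
```

With the volatile counter the receiver keeps rejecting until the restarted sender's sequence number passes the highest value it accepted before the crash; with the reserved block the sender skips the unused remainder of the block and is accepted immediately.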


