
Re: Replay protection with Manual keying



Germano,

        I'm not sure I would expect rekeying to be nearly as frequent as you
suggest (every 5 minutes), but the general thrust of these observations is
certainly correct, i.e., anti-replay measures rely on fresh, per-association
keys and a means of rekeying within an association that carries enough
traffic to cause the counter to cycle.  Also, in the face of loss of state
at either end, one must be prepared to establish a new association, and
that too calls for a fresh traffic key.

Steve