[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: Combined DES-CBC, HMAC and Replay Prevention

To: hughes@nsco.network.com, "Hilarie Orman" <ho@earth.hpc.org>
Subject: Re: Last Call: Combined DES-CBC, HMAC and Replay Prevention
From: "James Hughes" <hughes@nsco.network.com>
Date: 31 Dec 96 15:41:04 -0600
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

> I don't think we want to define different transforms for multicast, but
I'm
> not sure that having traffic "go away and come back" is a multicast
> property.  

Other than a "broadcast" kinda of traffic which continues whether or not
the destination is still there, (I am assuming that multicast is the method
of choice for broadcast), is the major type of traffic that will continue
to bable after the topology goes half duplex or no duplex... With routers,
if the path goes away long enough, then the route protocols will give up as
a bad path?

> Perhaps I'm missing the point.  It seems to me that there are
> local problems (no buffer space) that could lead to long dropout periods.

How long is long. I can agree that 65K is not too long at OC-48c....

> Hilarie
> 
> :-) How does the replay mechanism behave if there is a stuck bit in the
reply
> counter?

If X is 64K, if the stuck bit is in the top 16 bits, you will never come
up. If it is in the lower 16 bits, you will lose half of the traffic.

jim

Prev by Date: Re: Last Call: Combined DES-CBC, HMAC and Replay Prevention Security Transform to Proposed Standard
Next by Date: Re: Last Call: Combined DES-CBC, HMAC and Replay Prevention SecurityTransform to Proposed Standard
Prev by thread: Re: Last Call: Combined DES-CBC, HMAC and Replay Prevention
Next by thread: Comment regarding draft-mcdonald-pf-key-v2-00.txt
Index(es):
- Main
- Thread