Re: replay field size straw poll

["Steven M. Bellovin" <smb@research.att.com>]

		I concurr with all three of your points re anti-replay
	field size and hash size.  I'd also like to add
	the observation that I think we will have errors in
	implementations of the anti-replay windows, because of the
	need for the modular arithmetic (since we are not starting
	the counters at 0 or 1).  So, having a single size counter
	for both AH and ESP may further minimize the time it will
	take to get the bugs out of this code.

Since this isn't a sliding window counter (as the TCP sequence number
is), I suspect that the two's-complement arithmetic that is now
universally used will make most implementations just work.  It wouldn't
hurt to include a sample two lines of code showing the right way to
do the comparison, however...

---

Follow-Ups:

• Re: replay field size straw poll
• From: Stephen Kent <kent@bbn.com>

---

• Prev by Date: RE: replay field size
• Next by Date: Re[2]: Path MTU Discovery
• Prev by thread: RE: replay field size straw poll
• Next by thread: Re: replay field size straw poll
• Index(es):
  • Main
  • Thread