
Subject: Re: replay window size (Re: Proposed changes to ESP (and a little AH too))
Date: Sun, 23 Mar 1997 11:14:46 -0800
From: Derrell Piper <piper@cisco.com>
Sender: owner-ipsec@portal.ex.tis.com
Precedence: bulk

The size of the replay window should be implementation defined.  There's
nothing you can do in the protocol to force the other end to honor any
particular window size, so you might as well let him choose one that's
efficient for his particular kernel/architecture.  On 32-bit systems, this
will probably be 32, and on Alpha, 64.

Steve Kent suggested in Montreal that the size might want to be negotiated
so that the initiator has some way to indicate to the receiver the
anti-replay size that he believes might be most appropriate.  I think this
adds unnecessary complexity, but I could support this if it's worded
appropriately.  In the past, it has been worded as if increasing the size
of the replay detection window somehow weakens the anti-replay protection.

Derrell

> Do you have a recommendation for the replacement mandatory-to-implement
> window size, instead of 1? To minimize disruption, we might upgrade
> size=32 from recommended to mandatory-to-implement.
>
>-Lewis

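A sliding-window anti-replay check of the kind discussed in this message, written in C as an added illustration (it is not code from the posting or from any IPsec implementation). The window width lives only in the receiver's state, which is the point made above: the sender never learns or depends on it, and a wider window only changes how far out of order a genuine packet may still arrive, never whether a repeated sequence number is caught. The sequence numbers and arrival orders are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Receiver-side anti-replay state for one SA. The window width is purely the
 * receiver's choice: 32 fits a 32-bit word, 64 fits a 64-bit (Alpha) word. */
struct replay_state {
    uint32_t last_seq;  /* highest sequence number accepted so far (right edge) */
    uint64_t bitmap;    /* bit i set => packet (last_seq - i) already accepted */
    unsigned width;     /* window width in packets, 1..64 */
};

static void replay_init(struct replay_state *s, unsigned width) {
    s->last_seq = 0; s->bitmap = 0;
    s->width = (width == 0) ? 1 : (width > 64 ? 64 : width);
}

/* Returns 1 if seq is new and records it; 0 if it is a replay or has fallen
 * off the left edge of the window (too old to distinguish from a replay). */
static int replay_check_and_update(struct replay_state *s, uint32_t seq) {
    if (seq == 0) return 0;              /* ESP/AH sequence numbers start at 1 */
    if (seq > s->last_seq) {             /* fresh right edge: slide the window */
        uint32_t shift = seq - s->last_seq;
        uint64_t mask = (s->width == 64) ? ~0ULL : ((1ULL << s->width) - 1);
        s->bitmap = (shift >= s->width) ? 0 : ((s->bitmap << shift) & mask);
        s->bitmap |= 1;                  /* mark the new right edge as seen */
        s->last_seq = seq;
        return 1;
    }
    uint32_t behind = s->last_seq - seq;
    if (behind >= s->width) return 0;    /* older than the window: reject */
    if (s->bitmap & (1ULL << behind)) return 0;  /* seen before: replay */
    s->bitmap |= 1ULL << behind;         /* late but genuine: accept once */
    return 1;
}

/* Feeds a constructed arrival order through a window of the given width and
 * returns how many packets were accepted. */
static unsigned count_accepted(unsigned width, const uint32_t *seqs, size_t n) {
    struct replay_state s;
    unsigned accepted = 0;
    replay_init(&s, width);
    for (size_t i = 0; i < n; i++)
        accepted += (unsigned)replay_check_and_update(&s, seqs[i]);
    return accepted;
}
```

Running the constructed order 1, 2, 3, 5, 4, 5, 100, 99, 60 through `count_accepted` rejects the repeated 5 under both a 32- and a 64-wide window; the only difference is that packet 60, arriving 40 behind the right edge, is accepted with width 64 and dropped as too old with width 32.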