
Re: replay window size



Derrell,

	The revised specs will make sure that there is no confusion re the
relative security afforded by different replay window sizes.  As you
observe, a large window, if properly implemented, does just as good a job
of preventing replays as a smaller window.  The difference is that larger
windows have a greater tolerance for out of order packet arrival than
smaller windows, but IP assumes out of order arrival, and is silent on the
extent to which such behavior may be benign (vs. malicious).

	I'm concerned about having the window size be solely
implementation defined, since that can lead to unpredictable behavior that
may be hard to track down.  Also, there seems to be general agreement that
a window size of 32, or multiples thereof, is relatively easy to
implement.  I don't want to have implementors feel that they must implement
arbitrary size windows, since that is potentially hard (or inefficient),
yet some have sent me private mail expressing concerns about exactly that.
So, we need to clarify this.  Also, I don't want to see a window size of 1
since that conflicts with the IP layer model for delivery.

	I like to think in terms of "consumer protection" when writing a
spec.  If certain requirements are levied, then the purchasers of
IPSEC-compliant devices will be assured of a certain level of functionality
(though not assurance), and interoperability will be fostered.  If we are
silent on important issues, such as what size window is supported for
anti-replay, then I worry about what the products will do.  Hence my desire
to stipulate reasonable requirements for window sizes.  However, I am
sensitive to your concern re negotiation and if we could settle on a window
size of 32 as a mandatory to implement default, and have negotiation of
larger sizes optional, that might address both concerns.

Steve
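
The window-size point made in the message above, as an added illustration (not part of the original mail or of any IPsec specification text): a bitmap sliding-window receiver check in C, run with sizes 32 and 64 over the same arrivals. The struct and function names, the 64-bit bitmap, the assumption that sequence numbers start at 1, and the arrival order are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

enum verdict { ACCEPT = 0, REPLAY = 1, TOO_OLD = 2 };

/* Per-SA receiver state (illustrative names, not from any spec). */
struct replay_state {
    uint32_t top;    /* highest sequence number accepted so far */
    uint64_t bitmap; /* bit i set => sequence (top - i) already accepted */
    unsigned size;   /* window size in packets, 1..64 */
};

/* Check and record one sequence number. A real receiver records it
 * only after the packet's integrity check has passed. */
static enum verdict replay_check(struct replay_state *s, uint32_t seq) {
    if (seq == 0) return REPLAY;          /* assumes numbering starts at 1 */
    if (seq > s->top) {                   /* advances the right edge */
        uint32_t shift = seq - s->top;
        s->bitmap = (shift >= 64) ? 0 : (s->bitmap << shift);
        s->bitmap |= 1;
        s->top = seq;
        return ACCEPT;
    }
    uint32_t off = s->top - seq;
    if (off >= s->size) return TOO_OLD;   /* left of the window: dropped */
    if (s->bitmap & (1ULL << off)) return REPLAY;
    s->bitmap |= 1ULL << off;
    return ACCEPT;
}

/* Constructed arrival order: 10 is late, then 50, 10 and 2 are repeated. */
static const uint32_t arrivals[] = {1, 2, 50, 10, 50, 10, 2};
#define N_ARRIVALS ((int)(sizeof arrivals / sizeof arrivals[0]))

/* Run the arrivals through a window of the given size and count verdicts. */
static void run(unsigned size, int counts[3]) {
    struct replay_state s = {0, 0, size};
    counts[ACCEPT] = counts[REPLAY] = counts[TOO_OLD] = 0;
    for (int i = 0; i < N_ARRIVALS; i++)
        counts[replay_check(&s, arrivals[i])]++;
}

int main(void) {
    int c[3];
    for (unsigned size = 32; size <= 64; size += 32) {
        run(size, c);
        printf("window %u: accept=%d replay=%d too_old=%d\n",
               size, c[ACCEPT], c[REPLAY], c[TOO_OLD]);
    }
    return 0;
}
```

Under either size each distinct sequence number is accepted at most once; the larger window only changes whether the late packet 10 is accepted or dropped as too old.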



