[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A pothole in ISAKMP/Oakley
> I will note, however, that if the SPI's are pseudo-randomly generated,
> as is required by the spec, then the probability of using the same SPI
> twice should be extremely low. So the implementations that revealed
> this problem were defective.
Hilarie is right. SPI values must be {pseudo-,}randomly generated, if I
remember the specs correctly. Implementations that do otherwise are probably
broken.
Dan
Follow-Ups:
References: