
Re: Comments on draft-ietf-ipsec-new-auth-00.txt



> Nonetheless, I propose the following compromise.  Have the sender always
> transmit the AR counter, thus preserving the 8-byte AH alignment when using
> the default auth data size of 12 bytes.  Allow the receiver to determine,
> unilaterally, whether to check the AR counter, and to do so against a
> window size chosen by the receiver.  Make 32 the default window size, and
> allow for large window sizes, in multiples of 32.  However, have the
> receiver notify the sender of the selected window size (if any) as part of
> the SA negotiation.

Seems like a reasonable compromise.  It should not require significant
code for the sender to ignore the additional attribute; the receiver
need only send it if it supports variable replay window sizes (and
thus already has significant additional complexity); and, if the
receiver erroneously omits the attribute but does support
larger-than-default windows, you can still interoperate.

The attribute should be defined as "replay window *at least* this
large."

				- Bill
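The receiver-side window the proposal describes (sender always transmits the counter; receiver alone decides whether to check it, against a window sized in multiples of 32, advertised as "at least this large") can be implemented with the classic sliding bitmap generalized to several 32-bit words. The code below is an added example written for this page, not code from the draft, the list, or any IPsec implementation. Its assumptions are labelled in the comments: the window is an array of 32-bit words with an arbitrary cap of 1024 bits, the effective window is the advertised value rounded up to a multiple of 32 (so the advertised size is a lower bound), a window size of 0 means the receiver has chosen not to check at all, and sequence number 0 is rejected because the sender's counter starts at 1. The names ar_init, ar_check_update and ar_replay are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not code from the thread: a receiver-side anti-replay
 * window sized in multiples of 32 bits. Assumed here (not stated on the
 * list): the window is an array of 32-bit words with an arbitrary cap of
 * AR_MAX_WORDS, and sequence number 0 is rejected (the counter starts at 1). */
#define AR_WORD_BITS 32u
#define AR_MAX_WORDS 32u                /* largest window: 1024 bits */

typedef struct {
    uint32_t window_bits;               /* 0 => receiver does not check */
    uint32_t last_seq;                  /* highest sequence number accepted */
    uint32_t bitmap[AR_MAX_WORDS];      /* bit d set => (last_seq - d) seen */
} ar_state;

/* advertised_bits is what the receiver would put in the SA attribute; the
 * effective window is rounded up to a multiple of 32, so it is "at least
 * this large". 0 disables checking. Returns false if the size is too big. */
static bool ar_init(ar_state *st, uint32_t advertised_bits)
{
    if (advertised_bits > AR_MAX_WORDS * AR_WORD_BITS)
        return false;
    uint32_t words = (advertised_bits + AR_WORD_BITS - 1) / AR_WORD_BITS;
    memset(st, 0, sizeof *st);
    st->window_bits = words * AR_WORD_BITS;
    return true;
}

/* Shift the whole bitmap up by k positions (k < window size), high word
 * first so no source word is overwritten before it is read. */
static void bitmap_shift(uint32_t *bm, uint32_t nwords, uint32_t k)
{
    uint32_t ws = k / AR_WORD_BITS, bs = k % AR_WORD_BITS;
    for (uint32_t i = nwords; i-- > 0; ) {
        uint32_t v = 0;
        if (i >= ws) {
            v = bm[i - ws] << bs;
            if (bs != 0 && i - ws >= 1) /* bs == 0 would shift by 32: UB */
                v |= bm[i - ws - 1] >> (AR_WORD_BITS - bs);
        }
        bm[i] = v;
    }
}

/* Check one received sequence number and record it if it is new and inside
 * the window. Returns true when the packet is to be accepted. A real AH/ESP
 * receiver updates the window only after the authentication data verifies;
 * this is the sequence-number check alone. */
static bool ar_check_update(ar_state *st, uint32_t seq)
{
    uint32_t nwords = st->window_bits / AR_WORD_BITS;

    if (st->window_bits == 0)
        return true;                    /* receiver chose not to check */
    if (seq == 0)
        return false;                   /* counter starts at 1 (assumption) */

    if (seq > st->last_seq) {           /* new high-water mark: slide window */
        uint32_t shift = seq - st->last_seq;
        if (shift >= st->window_bits)
            memset(st->bitmap, 0, nwords * sizeof st->bitmap[0]);
        else
            bitmap_shift(st->bitmap, nwords, shift);
        st->bitmap[0] |= 1u;
        st->last_seq = seq;
        return true;
    }

    uint32_t d = st->last_seq - seq;    /* distance below the high mark */
    if (d >= st->window_bits)
        return false;                   /* too old: left of the window */
    uint32_t bit = 1u << (d % AR_WORD_BITS);
    if (st->bitmap[d / AR_WORD_BITS] & bit)
        return false;                   /* replay: already seen */
    st->bitmap[d / AR_WORD_BITS] |= bit;
    return true;
}

/* Run a constructed list of n (<= 32) sequence numbers through a fresh
 * receiver; bit i of the result is set when packet i was accepted.
 * Returns 0 for an invalid window size or n > 32. */
static uint32_t ar_replay(uint32_t advertised_bits, const uint32_t *seqs, size_t n)
{
    ar_state st;
    uint32_t accepted = 0;
    if (n > 32 || !ar_init(&st, advertised_bits))
        return 0;
    for (size_t i = 0; i < n; i++)
        if (ar_check_update(&st, seqs[i]))
            accepted |= 1u << i;
    return accepted;
}
```

Feeding the constructed trace 1, 1, 5, 3, 3, 70, 6, 7, 7, 5 through ar_replay with a 64-bit window accepts packets 1, 5, 3, 70 and 7 and rejects the two duplicates, the jump-past-the-window stragglers 6 and 5, and the second 7; advertising 33 gives the same result because the effective window rounds up to 64. Note that because the sender cannot learn whether the receiver checks at all, a window of 0 here accepts everything, which is exactly the unilateral choice the compromise leaves to the receiver.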


