[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re:

To: Rodney Thayer <rodney@sabletech.com>
Subject: Re:
From: Stephen Kent <kent@bbn.com>
Date: Tue, 19 Aug 1997 16:46:21 -0400
Cc: ipsec@tis.com
In-Reply-To: <3.0.1.32.19970819202151.00876e00@pop3.pn.com>
References: <199708191147.HAA20582@portal.ex.tis.com>
Sender: owner-ipsec@ex.tis.com

Rodney,

At 8:21 PM -0400 8/19/97, Rodney Thayer wrote:

>I believe current consensus is that replay is mandatory to implement for an
>automatically keyed situation and mandatory to not attempt in a manual
>keyed situation.
>
>[by automatic I mean ISAKMP, by manual I really mean MANUAL, i.e. human
>intervention and/or static configuration, not "out of band"]
>

The current drafts only state that anti-replay must not be used for
manually keyed SAs; they do not state the converse.  I don't recall any WG
discussion calling for mandatory use of anti-replay for automatically keyed
SAs.  However, if we did adopt that stance, it would remove the base
requirement for a receiver to advise a sender if anti-replay were enabled
at the receiver.

Steve

References:

No Subject

From: Ly Loi <lll@3com.com>

Re:

From: Rodney Thayer <rodney@sabletech.com>

Prev by Date: Re: IPSEC and NAT
Next by Date: Re: IPSEC and NAT
Prev by thread: Re:
Next by thread: Re: key management schemes
Index(es):
- Main
- Thread