[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: anti-replay notification
Derrell,
>If the intent is to communicate the receiver's actual window size back to
>the initiator, this wouldn't work because the initiator would have to
>know/guess what window size the receiver would want to choose. In ISAKMP,
>the destination only chooses from the initiator's SA proposals. The
>responder does not, himself, propose...
That was not the intent and it was not what I said. What I said was:
"Why can't the sender propose use of AR by the receiver
(purely as a construct to maintain symmetry) and then the receiver can
accept or reject that pro forma proposal as a way of signalling whether
the>receiver has enabled AR?"
This refers only to the responder signalling whether AR is enabled for the
SA, NOT signalling the size of the window. Your response indicates that
this more modest approach would work and it does not sound complicated.
>You could offer a set of replay window sizes, in multiples of 32, but this
>would expand the SA proposal list multiplicitively by "n", where "n" were
>the number of replay window sizes you'd offer. Even if you were interested
>only in knowing whether the responder had selected AR, you'd still expand
>the proposals by 2. It would make more sense to define AR as "different"
>and special-case the replay window size attribute on one or both sides.
This would be practical if the range of window sizes were small, e.g., 32,
64, 96 and 128. However my message did not suggest that because the number
of proposals could grow large if there was not agreement on the window size
range.
Steve
Follow-Ups:
References: