
Re: anti-replay notification



Steve,

>That was not the intent and it was not what I said.  What I said was:
>
>"Why can't the sender propose use of AR by the receiver
>(purely as a construct to maintain symmetry) and then the receiver can
>accept or reject that pro forma proposal as a way of signalling whether
>the receiver has enabled AR?"

Forgive me if I misstated the intent.  The current AH and ESP documents do
state that that is the intent though, do they not?  [current text below]

>This refers only to the responder signalling whether AR is enabled for the
>SA, NOT signalling the size of the window.  Your response indicates that
>this more modest approach would work and it does not sound complicated.

This will work at the expense, on the wire, of requiring that each SA
proposal be more than twice as large (in bytes) as it would otherwise be
without "negotiated" AR.  I agree that it's not overly complicated.  

So where are we on this issue?  The current text in AH and ESP says:

	If an SA establishment protocol such as Oakley/ISAKMP [sic] is
	employed, then the receiver SHOULD notify the transmitter, during SA 
	establishment, if the receiver will provide anti-replay protection
	and SHOULD inform the transmitter of the window size.

...yet we're now discussing a simple boolean indication -- whether or not
the responder chose AR, not what window size they selected.

I'd like to see us try to come to closure on this issue by tomorrow.  We
have more interesting fish to fry.

>This would be practical if the range of window sizes were small, e.g., 32,
>64, 96 and 128.  However my message did not suggest that because the number
>of proposals could grow large if there was not agreement on the window size
>range.

I didn't think that would be a good way to do this either...

Derrell
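As an added illustration (not code from this thread or from the AH/ESP drafts) of why the window size is purely receiver-side state that the sender never needs to know: the receiver's bitmap window alone decides which sequence numbers are accepted, so the same packet stream can be judged by a 32- or 64-entry window without any change at the sender. The 32-bit sequence number and the minimum window of 32 are assumptions taken from the AH/ESP conventions of the time.

```python
# Receiver-side anti-replay window: a sliding bitmap over AH/ESP sequence
# numbers. Added illustration; window size is a local receiver parameter.

class AntiReplayWindow:
    """Bit i of `bitmap` is set when sequence number (highest - i) was seen."""

    def __init__(self, size=64):
        # Assumed minimum of 32, matching the sizes discussed (32, 64, 96, 128).
        if size < 32:
            raise ValueError("window must cover at least 32 sequence numbers")
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # received-flags for highest, highest-1, ...

    def check_and_update(self, seq):
        """Accept (True) and record seq if it is new and inside the window."""
        if seq == 0:
            return False   # sequence number 0 is never valid on an SA
        if seq > self.highest:
            # Slide the window right; anything older than size falls off.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:
            return False   # too old: left of the window
        if self.bitmap & (1 << diff):
            return False   # duplicate: a replay
        self.bitmap |= 1 << diff
        return True


def run_trace(seqs, size=64):
    """Feed a constructed packet sequence; return the accept/reject decisions."""
    window = AntiReplayWindow(size)
    return [window.check_and_update(s) for s in seqs]


if __name__ == "__main__":
    # Constructed trace: in-order, a replay, reordering, a jump, a stale packet.
    print(run_trace([1, 2, 3, 2, 5, 4, 200, 150, 100]))
```

Running the same short trace with size 32 and size 64 shows the sender's packets unchanged while the receiver's verdict on a late packet differs, which is the whole reason the size is the receiver's business.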


