Re: anti-replay notification

[Naganand Doraswamy <naganand@BayNetworks.COM>]

Steve,
>
>	Yes, the AH and ESP specs call for AR window size notification by
>the receiver to the sender.  I was addressing the more narrow question of
>AR notification, in the text you explicitly cited, because the discussion
>had drifted into the more general issue of "why notify at all, let's just
>always do AR, and authentication, ..."
>

We always say that doing ESP in the absence of some intergriy protection is
not safe. I am not sure I understand what the issue is with requiring that
we always do AR. We can say that for manual keys/SA, there is no replay
protection and for dynamic SA's replay is always performed but is not
advertised. I also beleive that it not necessary for receiver to advertise
its replay window size.

Thanks,
--Naganand

-----------------------------------------------------------------
Naganand Doraswamy				(508)916-1323 (O)
Bay Architecture Lab				(508)670-8153 (Fax)
3 Federal St, Mail Stop BL3-04
Billerica, MA 01821

---

Follow-Ups:

• Re: anti-replay notification
• From: Stephen Kent <kent@bbn.com>

---

• Prev by Date: order/nesting of IPsec headers (transport mode)
• Next by Date: Re: anti-replay notification
• Prev by thread: Re: rush to get spec out
• Next by thread: Re: anti-replay notification
• Index(es):
  • Main
  • Thread