
Re: anti-replay notification

Thanks to Ted Ts'o for the summary of history on what list participants did
and did not say about anti-replay and notification of same in a KMP.

From this it appears that, back in May, Steve Kent alone was actively
pushing for the notification of window size to be present in KMP, and there
were a few responses "well, if that's what gets decided it will be all
right with me".  And everyone seems to agree the one cogent argument in
favor is, it might aid debugging.

I notice for one thing that a Replay-Window-Size attribute did not get
included in the next ISAKMP draft nor the companion IPSEC DOI (both in
July).  So at this point the issue includes: that the proposal is to
introduce another attribute into the ISAKMP or DOI drafts, likely raising
controversy if anything at all is said about what values are allowed or
recommended and thus stretching this already too-long process out longer,
further trying the patience of the waiting user community (what does Bob
Moskowitz's AIAG think about all this?).

Considering the only argument is "help in debugging", and other people call
this a vague notion and still others suggest it is ill-founded, the
arguments why we should make changes to ISAKMP and the DOI doc at this late
date seem thoroughly underwhelming.

- John Burke
