[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: anti-replay notification



Am I right in believing people are missing something in the discussion
about notification of the replay window, at least in ISAKMP?

ISAKMP currently sets up only a single agreed SA, which is then used
bidirectionally by both partners.  So both parties are receivers; so if we
require the receiver notify the sender of its Anti-Replay window size, then
both parties have to do it.

The proposal does still imply, that the values of the window sent in each
direction have to be allowed to be different.

- John Burke