[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A few observations about the replay issue

To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Subject: Re: A few observations about the replay issue
From: Stephen Kent <kent@bbn.com>
Date: Mon, 25 Aug 1997 17:24:19 -0500
Cc: ipsec@tis.com
In-Reply-To: <199708240231.WAA20780@dcl.MIT.EDU>
Sender: owner-ipsec@ex.tis.com

Ted,

	I'm willing to adopt with your suggested compromise.  The
docucuments will be revised to reflect that the receiver notifies the
sender whether AR is enabled for each SA (using the technique Derrell
mentioned earlier, so as to preserve the ISAKMP negotiation symmetry), but
there will be no mechanism for the receiver to notify of the AR window
size.  The MIB for AH and ESP will include window size.  The MIB author
will need to discuss the read/write constraints for this entry.

	That leaves the question of what the documents should say about the
receive window size.  We no longer need to advertize it, so that removes
one motivation for standardizing allowed window sizes.  However, one can
still argue that a minimum size should be specified, to avoid the problems
that can arise if very small window sizes are adopted.  (Recall the
confusion over adopting a window size of 1 as a default .)  Based on the
current specs, a minimum of 32 would be mandated, with a recommended
minimum of 64.  Any probolems with that?

Steve

Follow-Ups:

Re: A few observations about the replay issue

From: Daniel Harkins <dharkins@cisco.com>

References:

A few observations about the replay issue

From: "Theodore Y. Ts'o" <tytso@MIT.EDU>

Prev by Date: Re: anti-replay notification
Next by Date: Re: IPSEC and NAT
Prev by thread: A few observations about the replay issue
Next by thread: Re: A few observations about the replay issue
Index(es):
- Main
- Thread