
Re: anti-replay notification



Naganand,

>We always say that doing ESP in the absence of some integrity protection is
>not safe. I am not sure I understand what the issue is with requiring that
>we always do AR. We can say that for manual keys/SA, there is no replay
>protection and for dynamic SA's replay is always performed but is not
>advertised. I also believe that it is not necessary for the receiver to advertise
>its replay window size.

A previous message pointed out that use of AH and ESP (e.g., in transport
mode) is an alternative means of having authentication for the payload, so
mandating authentication for ESP is unduly restrictive.

Steve



