
Re: A few observations about the replay issue



In message <v03102816b02b5d1e920f@[128.89.30.23]>, Stephen Kent writes:
> 
> Consider
> the situation where the receiver fails to notify the sender that AR is
> enabled, (the requirement is a SHOULD, not a MUST) and thus the sender does
> not check for sequence counter overflow. If the sender transmits 2**32
> packets, then the receiver will begin rejecting packets, but the sender
> will not know why.

We've gone to a lot of trouble to include sequence numbers and replay
protection into the protocol specs. I should *expect* AR to be turned on
given its emphasis in the new specs.

So, if the sender rolls its sequence number, and the remote end starts
rejecting packets, the sender has an *excellent* idea why.

-- 
Harald
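
The failure mode discussed in this thread, as an added example that is not part of either message or of any IPsec implementation: a receiver with anti-replay enabled and a sender with and without the overflow check, both placed just short of 2**32 packets. The 32-packet window, the counter starting at 1, and all names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define AR_WINDOW 32u                             /* assumed window size */
struct ar_rx { uint32_t last, bitmap; };          /* receiver SA state */
struct ar_tx { uint32_t seq; bool check_overflow; };
struct outcome { unsigned sent, accepted, dropped, refused; };

/* Receiver: sliding-window replay check; sequence numbers never wrap. */
static bool ar_rx_accept(struct ar_rx *r, uint32_t seq) {
    if (seq == 0) return false;                   /* assumed: first packet is 1 */
    if (seq > r->last) {                          /* new packet, slide window */
        uint32_t shift = seq - r->last;
        r->bitmap = shift < AR_WINDOW ? (r->bitmap << shift) | 1u : 1u;
        r->last = seq; return true;
    }
    uint32_t diff = r->last - seq;
    if (diff >= AR_WINDOW) return false;          /* left of window (or wrapped) */
    if (r->bitmap & (1u << diff)) return false;   /* already seen: replay */
    r->bitmap |= 1u << diff;
    return true;
}

/* Sender: returns false when the counter is exhausted and a new SA is needed. */
static bool ar_tx_next(struct ar_tx *t, uint32_t *out) {
    if (t->check_overflow && t->seq == UINT32_MAX) return false;
    *out = ++t->seq;                              /* unchecked: wraps to 0 */
    return true;
}

static struct outcome run_near_wrap(bool check_overflow, unsigned n) {
    /* Constructed state: both ends two packets short of the last valid number. */
    struct ar_tx tx = { UINT32_MAX - 2, check_overflow };
    struct ar_rx rx = { UINT32_MAX - 2, UINT32_MAX };
    struct outcome o = { 0, 0, 0, 0 };
    for (unsigned i = 0; i < n; i++) {
        uint32_t seq;
        if (!ar_tx_next(&tx, &seq)) { o.refused++; continue; }
        o.sent++;
        if (ar_rx_accept(&rx, seq)) o.accepted++; else o.dropped++;
    }
    return o;
}

int main(void) {
    struct outcome a = run_near_wrap(false, 10), b = run_near_wrap(true, 10);
    printf("unchecked: sent=%u dropped=%u  checked: sent=%u refused=%u\n",
           a.sent, a.dropped, b.sent, b.refused);
}
```

The unchecked sender keeps transmitting after the wrap and every one of those packets is dropped at the receiver; the checked sender stops at the last valid number, which is the point at which a new SA has to be set up.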

