[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A few observations about the replay issue

To: "C. Harald Koch" <chk@utcc.utoronto.ca>
Subject: Re: A few observations about the replay issue
From: Stephen Kent <kent@bbn.com>
Date: Tue, 2 Sep 1997 11:05:12 -0400
Cc: Daniel Harkins <dharkins@cisco.com>, ipsec@tis.com
In-Reply-To: <97Aug28.224704edt.11650@janus.tor.securecomputing.com>
References: kent's message of "Thu, 28 Aug 1997 20:39:06 -0400". <v03102816b02b5d1e920f@[128.89.30.23]> Your message of "Mon, 25 Aug 199717:24:19 CDT." <v03102805b027a73e053d@[128.89.30.4]> <v03102816b02b5d1e920f@[128.89.30.23]>
Sender: owner-ipsec@ex.tis.com

Harald,

>We've gone to a lot of trouble to include sequence numbers and replay
>protection into the protocol specs. I should *expect* AR to be turned on
>given its emphasis in the new specs.
>
>So, If the sender rolls its sequence number, and the remote end starts
>rejecting packets, the sender has an *excellent* idea why.
>

If we knew the receiver were rejecting the packets, this would not be an
issue.  However, the sender may know only that the packets are not being
received, without knowing why.

Steve

Prev by Date: IANA and SA Attribute Registration (ISAKMP)
Next by Date: Re: IANA and SA Attribute Registration (ISAKMP)
Prev by thread: Re: IANA and SA Attribute Registration (ISAKMP)
Next by thread: Vendors who are implementing IPSEC, step forward....
Index(es):
- Main
- Thread