Re: A few observations about the replay issue
- To: "C. Harald Koch" <chk@utcc.utoronto.ca>
- Subject: Re: A few observations about the replay issue
- From: Stephen Kent <kent@bbn.com>
- Date: Tue, 2 Sep 1997 11:05:12 -0400
- Cc: Daniel Harkins <dharkins@cisco.com>, ipsec@tis.com
- In-Reply-To: <97Aug28.224704edt.11650@janus.tor.securecomputing.com>
- References: kent's message of "Thu, 28 Aug 1997 20:39:06 -0400". <v03102816b02b5d1e920f@[128.89.30.23]> Your message of "Mon, 25 Aug 1997 17:24:19 CDT." <v03102805b027a73e053d@[128.89.30.4]> <v03102816b02b5d1e920f@[128.89.30.23]>
- Sender: owner-ipsec@ex.tis.com
Harald,
>We've gone to a lot of trouble to include sequence numbers and replay
>protection into the protocol specs. I should *expect* AR to be turned on
>given its emphasis in the new specs.
>
>So, if the sender rolls its sequence number, and the remote end starts
>rejecting packets, the sender has an *excellent* idea why.
>
If we knew the receiver were rejecting the packets, this would not be an
issue. However, the sender may know only that the packets are not being
received, without knowing why.
Steve
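
The point about the sender's limited view can be seen in a receiver-side sliding-window replay check; the following is an added example, not part of the original message or of any IPsec implementation. It assumes a 32-packet window and omits integrity verification, and the names replay_state, replay_check and accepted_after_wrap are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 32u                 /* assumed anti-replay window size */

struct replay_state {
    uint32_t last;                 /* highest sequence number accepted */
    uint32_t bitmap;               /* bit i set: (last - i) already seen */
    unsigned dropped;              /* receiver-local count, never sent to the peer */
};

/* Returns 1 if the packet is accepted, 0 if it is silently discarded. */
int replay_check(struct replay_state *st, uint32_t seq)
{
    if (seq > st->last) {          /* advances the right edge of the window */
        uint32_t shift = seq - st->last;
        st->bitmap = (shift < WINDOW) ? ((st->bitmap << shift) | 1u) : 1u;
        st->last = seq;
        return 1;
    }
    uint32_t offset = st->last - seq;
    if (offset >= WINDOW || (st->bitmap & (1u << offset))) {
        st->dropped++;             /* too old or duplicate: drop, no notification */
        return 0;
    }
    st->bitmap |= 1u << offset;    /* late but new packet inside the window */
    return 1;
}

/* Constructed scenario: the sender uses the last four sequence numbers,
 * lets its 32-bit counter wrap, and keeps sending on the same SA.
 * Returns how many of the post-wrap packets the receiver accepted. */
unsigned accepted_after_wrap(struct replay_state *st, unsigned after)
{
    uint32_t seq = UINT32_MAX - 3;
    unsigned ok = 0;
    for (int i = 0; i < 4; i++)
        replay_check(st, seq++);   /* seq wraps to 0 after the fourth packet */
    for (unsigned i = 0; i < after; i++)
        ok += (unsigned)replay_check(st, seq++);
    return ok;
}

int main(void)
{
    struct replay_state st = {0, 0, 0};
    unsigned ok = accepted_after_wrap(&st, 5);
    printf("accepted after wrap: %u, dropped at receiver: %u\n", ok, st.dropped);
    return 0;
}
```

The only record of the rejections is the receiver's own dropped counter; from the sender's side the result looks the same as packets lost in transit.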