Re: Internet Drafts -- AH and ESP specs

["Theodore Y. Ts'o" <tytso@MIT.EDU>]

   From: Roy Pereira <rpereira@TimeStep.com>
   Date: Fri, 3 Oct 1997 11:53:43 -0400

   > <snip>
   >         - Receiver SHOULD notify sender if anti-replay is enabled.

   I had thought that we dropped REPLAY negotitation?

   In fact REPLAY negotiation has not been part of the last three ANX
   interoperability tests, nor is it in the last few DOI documents.

As near as I can tell, the consensus/compromise which was reached was
that we would drop replay window size negotiation and notification.
What's at issue here is a notify message indicating the presence of
anti-replay protection by the receiver. 

As far as I can tell, there hasn't been significant discussion on this
topic either way on the mailing list, up to now.  Thus, it's hard to
judge consensus on this topic, unless one applies the "silence gives
assent" standard.

My _personal_ belief is that adding a replay notify message is
relatively harmless, and may in some cases give useful information to
the sender.  In any case, adding a notify message shouldn't cause
interopability problems, since the transmission of the notify message is
not mandatory.  (And implementations should be able to deal with notify
message types which they don't understand, right?  It sould only result
in an entry in the audit log.)

						- Ted

---

References:

• RE: Internet Drafts -- AH and ESP specs
• From: Roy Pereira <rpereira@TimeStep.com>

---

• Prev by Date: RE: Internet Drafts -- AH and ESP specs
• Next by Date: RE: Comments on ISAKMP and Oakley resolution document.
• Prev by thread: Re: Internet Drafts -- AH and ESP specs
• Next by thread: RE: Internet Drafts -- AH and ESP specs
• Index(es):
  • Main
  • Thread