[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Internet Drafts -- AH and ESP specs

To: "'Stephen Kent'" <kent@bbn.com>, "'Daniel Harkins'" <dharkins@cisco.com>, "'Theodore Y. Ts'o'" <tytso@MIT.EDU>
Subject: RE: Internet Drafts -- AH and ESP specs
From: Roy Pereira <rpereira@TimeStep.com>
Date: Sat, 4 Oct 1997 10:59:03 -0400
Cc: "'ipsec@tis.com'" <ipsec@tis.com>
Sender: owner-ipsec@ex.tis.com

Stephen,

I'm just wondering if we should be adding anything to the protocol this
late, and perhaps this should go in IPSecond?

I also don't see why we would wish to send a whole ISAKMP Notify message
just to state that we are using replay.  Why not just place an attribute
in the transform that states "Yes, I'm using replay".  This attribute
would merely be informational.  We once had this "Replay attribute", but
it was used for negotiation.  

But again, I'm against adding anything to the protocol at this late
stage.

On Friday, October 03, 1997 4:37 PM, Stephen Kent [SMTP:kent@bbn.com]
wrote:
> Roy,
> 
> 	The AH and ESP specs call for the receiver to use a NOTIFY to
> inform the sender of the receiver's intent to employ anti-replay measures,
> so it is not a negotiation. If you look at the last messages on the topic,
> dated 8/26 (from Dan Harkins( and 8/28 (from me), the resolution was to
> make use of this form of notification (proposed by Dan), and the only
> unresolved point was whether to make the transmission of the NOTIFY a MUST
> or a SHOULD.
> 
> Steve
> 
>

Follow-Ups:

RE: Internet Drafts -- AH and ESP specs

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: Expiry based on traffic (kilobytes)
Next by Date: Re: Internet Drafts -- AH and ESP specs
Prev by thread: Re: Internet Drafts -- AH and ESP specs
Next by thread: RE: Internet Drafts -- AH and ESP specs
Index(es):
- Main
- Thread