
Re: Retransmits in traffic count?



Ricky Charlet writes:
> 	I am curious why you think that it does not make sense to count
> retransmits against the SA lifetime in IKE. If you counted the first
> packet (not a retransmit) then why not count the retransmits. All the QM
> negotiations are traveling under the protection of a particular phase
> one SA. 

Because the retransmission packets are identical to the original
packets. There is no reason to count them toward the KB limit because of
that (they do not offer an attacker any new encrypted data to attack).
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
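
The accounting rule from the reply above, as an added example that is not part of the original message or of any toolkit's code: a kilobyte-lifetime counter for one phase 1 SA that charges only ciphertext it has not sent before. The class name, the use of a SHA-256 digest to recognise a byte-identical retransmit, and the sample packets are assumptions made for illustration.

```python
import hashlib


class Phase1TrafficCounter:
    """Hypothetical KB-lifetime accountant for a single phase 1 SA."""

    def __init__(self, limit_kb):
        self.limit_bytes = limit_kb * 1024
        self.counted_bytes = 0
        self._seen = set()  # digests of encrypted packets already charged

    def record(self, packet):
        """Charge an outgoing encrypted packet against the lifetime.

        Returns True if the packet was counted, False if it is a
        byte-identical retransmit of a packet counted earlier.
        """
        digest = hashlib.sha256(packet).digest()
        if digest in self._seen:
            # Same bytes on the wire again: no new ciphertext is exposed.
            return False
        # Different bytes (including the same message re-encrypted) are
        # new ciphertext and are charged in full.
        self._seen.add(digest)
        self.counted_bytes += len(packet)
        return True

    def expired(self):
        return self.counted_bytes >= self.limit_bytes


def demo():
    counter = Phase1TrafficCounter(limit_kb=1)
    # Constructed 512-byte stand-ins for two encrypted Quick Mode messages.
    qm_first = bytes(range(256)) * 2
    qm_second = bytes(range(255, -1, -1)) * 2
    # The first message is sent once and retransmitted twice, then a new one.
    flags = [counter.record(p)
             for p in (qm_first, qm_first, qm_first, qm_second)]
    return flags, counter.counted_bytes, counter.expired()


if __name__ == "__main__":
    print(demo())
```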

