
Re: Phase 1 KB lifetime



On Wed, 19 Jan 2000, Ben McCann wrote:
> 1. How should an IPSEC station notify a peer that it received an invalid
>    SPI in an _IPSEC_ packet (AH, ESP, or IPCOMP)?

The first question is whether any notification should be attempted, given
the potential for denial-of-service attacks.  (Note that RFCs 2402 and
2406 specifically deny that you are required to attempt any sort of
notification at all... so an interoperable implementation cannot depend
on getting them anyway.)

                                                          Henry Spencer
                                                       henry@spsystems.net


