[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Replay problem

To: Shi Rong-rongshi1 <RONGSHI1@email.mot.com>
Subject: Re: Replay problem
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Tue, 13 Jun 2000 11:33:49 -0400
Cc: ?? <ZhouZh@huawei.com.cn>, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

In message <714BE32F82EED211B9CA0008C7C5A4DA0313D872@zuk28exm01.ecid.cig.mot.co
m>, Shi Rong-rongshi1 writes:
>Dear Steve,
>
>I noticed the discussion last year about loosing anti-replay protection in
>IPsec in case of manually SA management. Are there any changes in
>specificationsince then to address the issue of preserving anti-replay
>protection while using manaul SA mgmt?
>
>Regards,
>
>Rong
>
No.  The problem is that if a machine loses state (say, due to a 
reboot), it would restart the sequence space, allowing replays.  
There's also the issue of how to handle wrap-around.

		--Steve Bellovin

Prev by Date: Re: Replay problem
Next by Date: Re: AH padding after MD5/SHA1 hash value
Prev by thread: Re: Replay problem
Next by thread: AH padding after MD5/SHA1 hash value
Index(es):
- Main
- Thread