[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]

To: "Valery Smyslov" <svan@trustworks.com>
Subject: Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]
From: Bill Sommerfeld <sommerfeld@East.Sun.COM>
Date: Mon, 17 Jul 2000 05:36:02 -0400
cc: sommerfeld@East.Sun.COM, hugh@mimosa.com, "Dan Harkins" <dharkins@cips.nokia.com>, "Henry Spencer" <henry@spsystems.net>, "IPsec List" <ipsec@lists.tislabs.com>, "Hugh Daniel" <hugh@toad.com>, "John Gilmore" <gnu@toad.com>
In-reply-to: Your message of "Mon, 17 Jul 2000 08:23:13 +0400." <000d01bfefa6$ba8744e0$a7253ac3@elvis.ru>
Reply-to: sommerfeld@East.Sun.COM
Sender: owner-ipsec@lists.tislabs.com

> Nothing prevents implementation from keeping last received packet
> (or hash of it) in SA state and discarding any incoming packet if it
> is identical to the packet kept. At least our implementation behaves
> this way and we have never encountered your problem.

You'll still get wind up with garbled decryptions of a retransmission
if the network reorders packets on you..  i.e., if you recieve packet
1, then packet 2, then a duplicate/retransmission of packet 1.

(maybe you've not played with flakeways and other similarly "abusive"
test environments..)

						- Bill

Follow-Ups:

Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]

From: "Valery Smyslov" <svan@trustworks.com>

References:

Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]

From: "Valery Smyslov" <svan@trustworks.com>

Prev by Date: Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]
Next by Date: Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]
Prev by thread: Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]
Next by thread: Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]
Index(es):
- Main
- Thread