Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]
> Nothing prevents an implementation from keeping the last received packet
> (or hash of it) in SA state and discarding any incoming packet if it
> is identical to the packet kept. At least our implementation behaves
> this way and we have never encountered your problem.
You'll still wind up with garbled decryptions of a retransmission
if the network reorders packets on you, i.e., if you receive packet
1, then packet 2, then a duplicate/retransmission of packet 1.
(maybe you've not played with flakeways and other similarly "abusive"
test environments..)
- Bill
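
Added example, not part of the original message or of any implementation mentioned in the thread: a small simulation of the last-packet duplicate check from the quoted text, run over the reordered arrival sequence described in the reply. The `RecentPacketFilter` variant, its `depth` parameter, and the packet contents are assumptions constructed for illustration.

```python
import hashlib
from collections import OrderedDict

def digest(pkt: bytes) -> bytes:
    return hashlib.sha256(pkt).digest()

class LastPacketFilter:
    """Scheme from the quoted text: keep only the hash of the last received packet."""
    def __init__(self):
        self.last = None

    def accept(self, pkt: bytes) -> bool:
        h = digest(pkt)
        if h == self.last:
            return False          # identical to the packet kept: discard
        self.last = h
        return True               # would be handed to decryption

class RecentPacketFilter:
    """Assumed variant: keep hashes of the last `depth` accepted packets.
    A duplicate delayed by more than `depth` packets still gets through."""
    def __init__(self, depth: int = 8):
        self.depth = depth
        self.seen = OrderedDict()

    def accept(self, pkt: bytes) -> bool:
        h = digest(pkt)
        if h in self.seen:
            return False
        self.seen[h] = True
        if len(self.seen) > self.depth:
            self.seen.popitem(last=False)   # forget the oldest hash
        return True

def passed_to_decrypt(filt, arrivals):
    """Return the labels of the packets the filter lets through."""
    return [label for label, pkt in arrivals if filt.accept(pkt)]

# Constructed sample packets and arrival orders.
PKT1 = b"constructed packet 1"
PKT2 = b"constructed packet 2"
BACK_TO_BACK = [("1", PKT1), ("1-dup", PKT1), ("2", PKT2)]
REORDERED = [("1", PKT1), ("2", PKT2), ("1-dup", PKT1)]

if __name__ == "__main__":
    print(passed_to_decrypt(LastPacketFilter(), BACK_TO_BACK))
    print(passed_to_decrypt(LastPacketFilter(), REORDERED))
    print(passed_to_decrypt(RecentPacketFilter(), REORDERED))
```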