
Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]



----- Original Message -----
From: Bill Sommerfeld <sommerfeld@East.Sun.COM>
To: Valery Smyslov <svan@trustworks.com>
Cc: <sommerfeld@East.Sun.COM>; <hugh@mimosa.com>; Dan Harkins <dharkins@cips.nokia.com>; Henry
Spencer <henry@spsystems.net>; IPsec List <ipsec@lists.tislabs.com>; Hugh Daniel <hugh@toad.com>;
John Gilmore <gnu@toad.com>
Sent: Monday, July 17, 2000 1:36 PM
Subject: Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]


> > Nothing prevents an implementation from keeping the last received packet
> > (or hash of it) in SA state and discarding any incoming packet if it
> > is identical to the packet kept. At least our implementation behaves
> > this way and we have never encountered your problem.
>
> You'll still wind up with garbled decryptions of a retransmission
> if the network reorders packets on you, i.e., if you receive packet
> 1, then packet 2, then a duplicate/retransmission of packet 1.

OK, then keep all of them (or, better, hashes). I guess there will
not be too many of them, at most 3 :-)

> (maybe you've not played with flakeways and other similarly "abusive"
> test environments..)

We did. However, test environments differ, so maybe we played
other scenarios than you.

> - Bill

Regards,
Valera.
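
The duplicate check discussed in this message, as an added example that is not part of the original post and not code from any implementation mentioned in the thread. It compares a one-entry memory with a three-entry memory on the reordered arrival sequence described above (packet 1, packet 2, duplicate of packet 1). The class name, the use of SHA-256 as the hash, and the sample packets are assumptions.

```python
import hashlib
from collections import deque


class RecentPacketFilter:
    """Per-SA memory of the hashes of the last `depth` accepted packets.

    Hypothetical helper for illustration; SHA-256 is an assumed choice,
    the thread only says "hash".
    """

    def __init__(self, depth):
        self.depth = depth
        self._order = deque()   # digests, oldest first
        self._seen = set()      # same digests, for O(1) lookup

    def accept(self, packet):
        """Return True if the packet should go on to decryption,
        False if it is byte-identical to a remembered packet."""
        digest = hashlib.sha256(packet).digest()
        if digest in self._seen:
            return False        # duplicate/retransmission: discard
        self._order.append(digest)
        self._seen.add(digest)
        if len(self._order) > self.depth:
            # Forget the oldest packet once the memory is full.
            self._seen.discard(self._order.popleft())
        return True


def run(depth, arrivals):
    """Feed the arrivals through a fresh filter; one verdict per packet."""
    flt = RecentPacketFilter(depth)
    return [flt.accept(p) for p in arrivals]


# Constructed sample packets (not real IPsec/IKE traffic).
PKT1 = b"constructed-packet-1"
PKT2 = b"constructed-packet-2"
# Arrival order from the thread: 1, then 2, then a duplicate of 1.
REORDERED = [PKT1, PKT2, PKT1]

if __name__ == "__main__":
    # Depth 1 ("keep last received packet"): the late duplicate gets through.
    print("depth 1:", run(1, REORDERED))
    # Depth 3 ("keep all of them ... at most 3"): the late duplicate is dropped.
    print("depth 3:", run(3, REORDERED))
```
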



