[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Increased sequence number in ESP/AH

To: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: Re: Increased sequence number in ESP/AH
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 23 Jan 2001 10:48:11 -0500
In-reply-to: Your message of "Mon, 22 Jan 2001 15:13:42 EST." <v0422080bb692438a43ca@[171.78.30.112]>
Sender: owner-ipsec@lists.tislabs.com


 >>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:
     Stephen> My proposal calls for the extended sequence numbers to NOT occupy any 
     Stephen> more space in the ESP or AH headers. Instead, use of these numbers 
     Stephen> would be negotiated by IKE, so that interoperability would be 

   So, as I understand this note, it simply allows to hosts to agree to not
rekey after 2^32 packets, but rather go to a much higher number.

   I can see the benefit of this for extremely high bandwidth devices, but
even at OC-768 is it really necessary? 
   Is there more than you can tell about the intended application of this?

] Train travel features AC outlets with no take-off restrictions|gigabit is no[
]   Michael Richardson, Solidum Systems   Oh where, oh where has|problem  with[
]     mcr@solidum.com   www.solidum.com   the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

Follow-Ups:

Re: Increased sequence number in ESP/AH

From: Stephen Kent <kent@bbn.com>

References:

Re: Increased sequence number in ESP/AH

From: Stephen Kent <kent@bbn.com>

Prev by Date: VPNCON Update (Feb 19-22, San Jose)
Next by Date: Re: ipsec error protocol
Prev by thread: Re: Increased sequence number in ESP/AH
Next by thread: Re: Increased sequence number in ESP/AH
Index(es):
- Main
- Thread