[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Increased sequence number in ESP/AH

To: "Steven M. Bellovin" <smb@research.att.com>, ipsec@lists.tislabs.com
Subject: Re: Increased sequence number in ESP/AH
From: Andrea Colegrove <acc@columbia.sparta.com>
Date: Tue, 23 Jan 2001 16:31:35 -0500
References: <20010123212432.94DCB35C42@smb.research.att.com>
Sender: owner-ipsec@lists.tislabs.com

Steve,
    Let me rephrase the questions, please:

        Is the intent of expanding the sequence number purely for the purpose of
extending the SA lifetime, or are there other considerations?  and
        How will the multiple instances of replay be countered?

---- Andrea

"Steven M. Bellovin" wrote:

> In message <3A6DF166.60200CD1@columbia.sparta.com>, Andrea Colegrove writes:
> >Steve,
> >    How does this address freshness (anti-replay)?
> >
> >    Is this intended only as a useful feature for high-speed devices that may
> >need additional SA lifetime?
> >
>
> OC-192 -- deployed in some of today's backbones -- is roughly 1
> gigabyte/second.  Multiply by whatever you think is the average packet
> size, and multiply again by 4 -- but it's not a large number for the
> duration of an SA.
>
>                 --Steve Bellovin, http://www.research.att.com/~smb

References:

Re: Increased sequence number in ESP/AH

From: "Steven M. Bellovin" <smb@research.att.com>

Prev by Date: Re: Increased sequence number in ESP/AH
Next by Date: Re: Increased sequence number in ESP/AH
Prev by thread: Re: Increased sequence number in ESP/AH
Next by thread: Re: Increased sequence number in ESP/AH
Index(es):
- Main
- Thread