
Re: Increased sequence number in ESP/AH



In message <200101232142.NAA19223@potassium.network-alchemy.com>, Dan Harkins writes:
>That's one way to do it. But if the recipient has already said she isn't
>going to be inspecting the counter, for whatever reason, why mandate that 
>the sender keep sending it? 
Did the recipient also say that she will give the session key to anyone
who is asking?

Aren't there security implications when replay protection is removed?
Wasn't IPsec supposed to solve them?

And if you can encrypt at 1GB/s, it shouldn't be a problem to run the
key exchange more often either.

IKE and IPsec already seemed complicated enough to me, but I am sure
that we can find good reasons to further complicate them.

This discussion is getting very confusing,
  Niels.