compliance question
A question for the protocol police. Section 3.3.3 of RFC2406 says:
The sender assumes anti-replay is enabled as a default, unless
otherwise notified by the receiver (see 3.4.3). Thus, if the counter
has cycled, the sender will set up a new SA and key (unless the SA
was configured with manual key management).
If anti-replay is disabled, the sender does not need to monitor or
reset the counter, e.g., in the case of manual key management (see
Section 5). However, the sender still increments the counter and
when it reaches the maximum value, the counter rolls over back to
zero.
Ignoring for the sake of a question whether disabling anti-replay is
smart or not, would an implementation be conformant if, when anti-replay
is disabled, the sequence number rolled over to zero prior to reaching
its maximum value? That is 1, 2, ... 2^5, 1, 2, etc.
Dan.
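For readers who want to see the two sides of the quoted text together, the following is an added example (not code from the message, the list, or RFC 2406 itself): a per-SA sender counter modelled on Section 3.3.3 next to a receiver-side sliding replay window modelled on Section 3.4.3. The 32-bit field width and the window defaults (64 entries, minimum 32) are the RFC's; the class names, the `seq_max` knob used to make the counter wrap early as in the question, and the `simulate` helper are this example's own assumptions.

```python
"""Added example (not from the original message or RFC 2406 text): an ESP
sender sequence counter (RFC 2406 Section 3.3.3) next to a receiver-side
anti-replay sliding window (Section 3.4.3), to show what a receiver running
a replay window does with packets from a sender whose counter has wrapped.
Field width (32 bits) and window defaults (64, minimum 32) are the RFC's;
the class names, the `seq_max` knob and `simulate` are this example's own."""

SEQ_MAX = 2**32 - 1   # the ESP Sequence Number field is 32 bits


class SaExhausted(Exception):
    """Counter would cycle with anti-replay on: RFC 2406 says set up a
    new SA and key rather than reuse a sequence number."""


class SenderSequence:
    """Per-SA sender counter. Initialised to 0; the first packet carries 1.
    seq_max is normally SEQ_MAX; a small value (e.g. 2**5) is only for
    demonstrating early rollover, as in the question above."""

    def __init__(self, anti_replay=True, seq_max=SEQ_MAX):
        self.anti_replay = anti_replay
        self.seq_max = seq_max
        self.counter = 0

    def next_seq(self):
        if self.counter == self.seq_max:
            if self.anti_replay:
                # Section 3.3.3: the sender checks that the counter has
                # not cycled before inserting the new value.
                raise SaExhausted("sequence counter cycled; rekey required")
            # Anti-replay disabled: "the counter rolls over back to zero".
            self.counter = 0
            return self.counter
        self.counter += 1
        return self.counter


class ReplayWindow:
    """Receiver-side sliding window (bitmap) per Section 3.4.3. Call
    check_and_update only after the packet's ICV has verified; the RFC
    advances the window only for authenticated packets."""

    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 2406 requires a window of at least 32")
        self.size = size
        self.right = 0          # highest sequence number accepted so far
        # bit i set <=> sequence (right - i) already seen. Bit 0 starts set
        # because the receiver's counter is initialised to 0, so a packet
        # carrying sequence 0 is never fresh.
        self.bitmap = 1
        self.mask = (1 << size) - 1

    def check_and_update(self, seq):
        if seq > self.right:
            shift = seq - self.right
            if shift >= self.size:
                self.bitmap = 1                      # whole window jumped
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.right = seq
            return True
        diff = self.right - seq
        if diff >= self.size:
            return False                             # left of window: stale
        if self.bitmap & (1 << diff):
            return False                             # already received: replay
        self.bitmap |= 1 << diff
        return True


def simulate(sender, window, packets):
    """Feed `packets` sequence numbers from sender through window;
    returns (accepted, rejected) counts."""
    accepted = rejected = 0
    for _ in range(packets):
        if window.check_and_update(sender.next_seq()):
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


if __name__ == "__main__":
    # Sender that wraps at 2^5 with anti-replay off, receiver with the
    # default 64-entry window: every post-wrap packet looks like a replay.
    print(simulate(SenderSequence(anti_replay=False, seq_max=2**5),
                   ReplayWindow(), 70))
```

The simulation makes the practical point behind the question concrete: once a sender wraps early, the receiver's window (if it is running one) treats every wrapped number as a duplicate and drops it, so disabling anti-replay on the sender only works when the receiver has agreed to disable it too; with anti-replay on, the sender raises instead of reusing a number, which is the rekey trigger the RFC describes.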