Re: ipsec error protocol
"sankar ramamoorthi" <sankar@nexsi.com> writes:
> If the receiver window is limited to 2**32 bits, then it means
> at 10Gig/sec speeds the receiver has to rekey after 400 seconds.
No, the receiver 'replay' window is limited to 2^32 bits. This means
you can only accept packets within this 400-second window, so if a
packet gets delayed by 400 seconds it will be dropped (because it is
now outside this window). You still only need to rekey every 2^64,
which is 400*2^32 seconds, which is a LARGE number.
> Is that acceptable?
I think the limitation of dropping packets delayed by 400s may be
acceptable, provided we're not talking about interplanetary internets.
I certainly believe that the 400*2^32 is sufficiently large.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
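The receiver behaviour discussed in this exchange, as an added illustration (not code from the thread or from any IPsec implementation): a 64-bit ESN counter, 32 bits on the wire, and a bounded replay window, showing that a packet delayed past the window is dropped while the SA itself carries on until the counter is exhausted. The class caps the window at 2^31 so that the high-order-bit inference is unambiguous; the rate arithmetic at the end uses the 2^32 window from the thread, and the packet trace is constructed.

```python
# Added illustration of an ESN receiver with a bounded anti-replay window
# (Python 3, standard library only; window size and packet trace are constructed).
LOW_BITS, MAX_ESN = 32, (1 << 64) - 1          # 32 bits on the wire, 64-bit counter
LOW_MASK = (1 << LOW_BITS) - 1

class EsnReplayWindow:
    def __init__(self, window):
        assert 1 <= window <= 1 << 31             # inference is unambiguous up to 2^31
        self.window, self.top, self.seen = window, -1, set()   # top: highest 64-bit seq so far

    def infer(self, seql):
        """Reconstruct the 64-bit sequence number from the 32 bits received."""
        if self.top < 0:
            return seql
        th = self.top >> LOW_BITS
        cands = [(h << LOW_BITS) | seql for h in (th - 1, th, th + 1) if h >= 0]
        return min(cands, key=lambda c: abs(c - self.top))   # closest to what we last saw

    def check(self, seql):
        """Verdict: 'accept', 'replay', 'stale' (delayed past the window) or 'rekey'."""
        seq = self.infer(seql)
        if seq > MAX_ESN:                          # counter would wrap: new SA/key required
            return "rekey"
        bottom = self.top - self.window + 1
        if seq < bottom:
            return "stale"                         # packet itself is fine, window has moved on
        if seq in self.seen:
            return "replay"
        # a real receiver verifies the ICV (computed over the inferred high bits) here
        self.seen.add(seq)
        if seq > self.top:
            self.top = seq
            self.seen = {s for s in self.seen if s >= self.top - self.window + 1}
        return "accept"

def scenario(window=1 << 20):
    """Constructed trace: in-order traffic across the 32-bit boundary, a replay,
    a packet delayed by more than the window, then fresh traffic on the same SA."""
    rx, out = EsnReplayWindow(window), []
    for seq in (LOW_MASK - 1, LOW_MASK, 1 << 32, (1 << 32) + 1):
        out.append(rx.check(seq & LOW_MASK))       # high-order bits are never transmitted
    out.append(rx.check(LOW_MASK))                 # replay of an already accepted packet
    out.append(rx.check(((1 << 32) + 1 - window) & LOW_MASK))  # one below the window bottom
    out.append(rx.check(((1 << 32) + 2) & LOW_MASK))
    return out

def lifetimes(packets_per_second, window=1 << 32):
    """Seconds until a delayed packet is outside the window, and until the SA must rekey."""
    return window / packets_per_second, (1 << 64) / packets_per_second
```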