
Re: Simplifying IKE



On Thu, 9 Aug 2001, David W. Faucher wrote:
> I believe that using the Message ID field as a counter
> has already been suggested, and in this case should work
> to prevent replay attacks.

Simply remembering message IDs also works; we've done this.  (Indeed, the
current RFCs can be read as requiring it, although the wording is obscure
and that reading is disputed.)  But the counter approach is definitely 
superior.

                                                          Henry Spencer
                                                       henry@spsystems.net
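
The two replay checks discussed in this message, as an added example that is not part of the original post or of any IKE implementation: one receiver remembers every message ID it has accepted, the other treats the ID as a counter. Class names, the counter starting at 1, and the sample traffic are assumptions; IDs are assumed to come from messages that have already passed their integrity check.

```python
# Added illustration of two receiver-side replay checks on a message ID.
# Names are hypothetical and no IKE wire format is modelled.


class RememberedIds:
    """Accept each message ID once by remembering every ID seen so far."""

    def __init__(self):
        self.seen = set()

    def accept(self, msg_id: int) -> bool:
        if msg_id in self.seen:
            return False              # replay of an already accepted ID
        self.seen.add(msg_id)
        return True

    def state_size(self) -> int:
        return len(self.seen)         # grows with every accepted message


class CounterIds:
    """Accept only IDs strictly greater than the last accepted one."""

    def __init__(self):
        self.last = 0                 # assumption: the sender starts at 1

    def accept(self, msg_id: int) -> bool:
        if msg_id <= self.last:
            return False              # replayed or stale ID
        self.last = msg_id
        return True

    def state_size(self) -> int:
        return 1                      # a single integer, however long the peers talk


def run(receiver, ids):
    """Feed a sequence of message IDs to a receiver; return its accept decisions."""
    return [receiver.accept(i) for i in ids]


# Constructed traffic: IDs 1..5 in order, a replay of ID 3, then fresh ID 6.
TRAFFIC = [1, 2, 3, 4, 5, 3, 6]
# Constructed edge case: fresh ID 3 is delayed and arrives after ID 4.
REORDERED = [1, 2, 4, 3]

if __name__ == "__main__":
    for cls in (RememberedIds, CounterIds):
        r = cls()
        print(cls.__name__, run(r, TRAFFIC), "state:", r.state_size())
        print(cls.__name__, "reordered:", run(cls(), REORDERED))
```

Both receivers reject the replayed ID, but the remembered-ID receiver holds one entry per accepted message while the counter holds one integer. The strict counter also rejects a fresh ID that arrives late, so it relies on in-order delivery.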


