[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2401bis Issue # DD -- Anti-replay notification

To: Tero Kivinen <kivinen@ssh.fi>, "Angelos D. Keromytis" <angelos@cs.columbia.edu>
Subject: Re: 2401bis Issue # DD -- Anti-replay notification
From: Karen Seo <kseo@bbn.com>
Date: Fri, 3 Oct 2003 04:14:32 -0400
Cc: ipsec mailingList <ipsec@lists.tislabs.com>
In-Reply-To: <16250.43227.130776.747346@ryijy.hel.fi.ssh.com>
References: <p05200f50bb9ecb6ebc18@[128.89.89.115]><200310010856.h918umCH014062@nyarlathotep.keromytis.com><16250.43227.130776.747346@ryijy.hel.fi.ssh.com>
Sender: owner-ipsec@lists.tislabs.com

Folks,

Since anti-replay is purely a receiver option, the receiver can tell 
the sender that the receiver does not care about AR for a given SA, 
and thus permit the sender to NOT create a new SA when the counter 
wraps. Clearly this would not be needed if we always used 64-bit 
sequence numbers, but while we require support for 64-bit sequence 
numbers in ESPv3, we don't mandate their use.

Karen

References:
- 2401bis Issue # DD -- Anti-replay notification
  - From: Karen Seo <kseo@bbn.com>
- Re: 2401bis Issue # DD -- Anti-replay notification
  - From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>
- Re: 2401bis Issue # DD -- Anti-replay notification
  - From: Tero Kivinen <kivinen@ssh.fi>

Prev by Date: Re: 2401bis Issue #67 -- IPsec management traffic
Next by Date: Re: 2401bis Issue #67 -- IPsec management traffic
Prev by thread: Re: 2401bis Issue # DD -- Anti-replay notification
Next by thread: 2401bis Issue # 83 -- DROP'd inbound packet -- missing requiredIPsec protection
Index(es):
- Date
- Thread