Pantek Library

Re: linux-ipsec: replay windows in manual keyed mode

From: Niels Provos <provos(at)power3.physnet.uni-hamburg.de>
Date: Sat May 02 1998 - 17:23:43 EDT

Richard Guy Briggs writes:
> Again, I'm guessing that this 'feature' is obsolete since manual
> mode implies that replay protection be shut off.
My impression was that replay window _checking_ is not done with manual keying, but as pointed out in a recent mail from Theodore Y. Ts'o to the ipsec mailing list, the sequence number/replay counter should still be incremented.

[...]
Raleigh interoperability issues



[...]
5. Replay of Zero

Some implementations were sending a replay prevention value of 0 when doing manual keying.

In the discussion which followed, Steve Kent noted that this was incorrect behavior, since the replay prevention field must be incremented.
[...]

Greetings
 Niels

-- 
- PHYSnet Rechnerverbund     PGP V2.6 Public key via finger or key server
  Niels Provos               
  Universitaet Hamburg       WWW: http://www.physnet.uni-hamburg.de/provos/
  Jungiusstrasse 9           E-Mail: provos@wserver.physnet.uni-hamburg.de
  Germany 20355 Hamburg      Tel.:   +49 40 4123-2404     Fax: -6571 
Received on Sat May 2 17:40:08 1998

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:10 EDT
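
Added example, not part of the original message or of any implementation discussed in it: a C sketch of the behaviour described above, where the sender increments the sequence number on every packet even when the receiver has replay window checking turned off. All names (`sa_out`, `sa_in`, `sa_next_seq`, `sa_accept`, `run`) and the 32-packet bitmap window are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define WIN 32u /* replay window size in packets (assumed for this sketch) */

struct sa_out { uint32_t seq; };                                /* sender SA state */
struct sa_in  { uint32_t last; uint32_t bitmap; bool check; };  /* receiver SA state */

/* Sender: increment on every packet, manual keying or not; first value is 1. */
static uint32_t sa_next_seq(struct sa_out *sa) { return ++sa->seq; }

/* Receiver: sliding-bitmap window; returns true when the packet is accepted. */
static bool sa_accept(struct sa_in *sa, uint32_t seq)
{
    if (!sa->check) return true;   /* manual keying: window checking off */
    if (seq == 0) return false;    /* this sketch never accepts 0 */
    if (seq > sa->last) {          /* newer than anything seen: slide window */
        uint32_t shift = seq - sa->last;
        sa->bitmap = (shift < WIN) ? (sa->bitmap << shift) | 1u : 1u;
        sa->last = seq;
        return true;
    }
    uint32_t off = sa->last - seq;
    if (off >= WIN) return false;               /* older than the window */
    if (sa->bitmap & (1u << off)) return false; /* already seen: replay */
    sa->bitmap |= 1u << off;
    return true;
}

/* Packets accepted out of n, for a sender that increments or is stuck at 0. */
static unsigned run(bool sender_increments, bool receiver_checks, unsigned n)
{
    struct sa_out out = {0};
    struct sa_in in = {0, 0, receiver_checks};
    unsigned ok = 0;
    for (unsigned i = 0; i < n; i++) {
        uint32_t seq = sender_increments ? sa_next_seq(&out) : 0;
        ok += sa_accept(&in, seq);
    }
    return ok;
}

int main(void)
{
    printf("incrementing sender, checking receiver: %u/10\n", run(true, true, 10));
    printf("zero-only sender,    checking receiver: %u/10\n", run(false, true, 10));
    return 0;
}
```

A sender stuck at 0 only interoperates with peers that skip the check, while an incrementing sender works with both kinds of receiver.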

