Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]
"Valery Smyslov" <svan@trustworks.com> Mon, 17 July 2000 19:40 UTC
Message-ID: <002a01bff019$e7d04d20$53323ac3@elvis.ru>
From: Valery Smyslov <svan@trustworks.com>
To: sommerfeld@East.Sun.COM
Cc: IPsec List <ipsec@lists.tislabs.com>
References: <200007170936.e6H9a2J113489@thunk.east.sun.com>
Subject: Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]
Date: Mon, 17 Jul 2000 22:07:42 +0400
----- Original Message -----
From: Bill Sommerfeld <sommerfeld@East.Sun.COM>
To: Valery Smyslov <svan@trustworks.com>
Cc: <sommerfeld@East.Sun.COM>; <hugh@mimosa.com>; Dan Harkins <dharkins@cips.nokia.com>; Henry Spencer <henry@spsystems.net>; IPsec List <ipsec@lists.tislabs.com>; Hugh Daniel <hugh@toad.com>; John Gilmore <gnu@toad.com>
Sent: Monday, July 17, 2000 1:36 PM
Subject: Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]

> > Nothing prevents implementation from keeping last received packet
> > (or hash of it) in SA state and discarding any incoming packet if it
> > is identical to the packet kept. At least our implementation behaves
> > this way and we have never encountered your problem.
>
> You'll still wind up with garbled decryptions of a retransmission
> if the network reorders packets on you.. i.e., if you receive packet
> 1, then packet 2, then a duplicate/retransmission of packet 1.

OK, then keep all of them (or better hashes). I guess there will be not
too many of them, at most 3 :-)

> (maybe you've not played with flakeways and other similarly "abusive"
> test environments..)

We did. However test environments differ, so maybe we played other
scenarios than you.

> - Bill

Regards,
Valera.
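
Added example, not part of the original message and not code from either poster's implementation: a per-SA filter that keeps hashes of the last few accepted packets, run against the reordering case raised in the exchange (packet 1, packet 2, duplicate of packet 1). The class name, the choice of SHA-256, and the sample packets are assumptions made for the illustration.

```python
import hashlib
from collections import deque


class RecentPacketFilter:
    """Remembers hashes of the last `depth` accepted packets for one SA.

    Hypothetical helper for illustration; SHA-256 is an assumed choice.
    """

    def __init__(self, depth: int):
        self._depth = depth
        self._order = deque()   # hashes in arrival order, oldest first
        self._seen = set()      # same hashes, for O(1) membership tests

    def accept(self, packet: bytes) -> bool:
        """Return True if the packet should be processed, False if it is
        byte-identical to one of the remembered packets."""
        digest = hashlib.sha256(packet).digest()
        if digest in self._seen:
            return False        # identical retransmission: discard
        self._order.append(digest)
        self._seen.add(digest)
        if len(self._order) > self._depth:
            # Forget the oldest hash so SA state stays bounded.
            self._seen.discard(self._order.popleft())
        return True


def replay(depth: int, arrivals: list) -> list:
    """Feed arrivals through a fresh filter; return the accept decisions."""
    pkt_filter = RecentPacketFilter(depth)
    return [pkt_filter.accept(p) for p in arrivals]


# Constructed sample packets (not real protocol messages).
PKT1 = b"constructed-packet-1"
PKT2 = b"constructed-packet-2"
# The reordering case: packet 1, packet 2, then a duplicate of packet 1.
ARRIVALS = [PKT1, PKT2, PKT1]

if __name__ == "__main__":
    # Keeping only the last packet: the late duplicate is not recognised.
    print("depth 1:", replay(1, ARRIVALS))
    # Keeping three hashes: the late duplicate is discarded.
    print("depth 3:", replay(3, ARRIVALS))
```
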