Re: replay field size straw poll
"Steven M. Bellovin" <smb@research.att.com> Tue, 11 February 1997 22:13 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id RAA20867 for ipsec-outgoing; Tue, 11 Feb 1997 17:13:43 -0500 (EST)
Message-Id: <199702112214.RAA09176@smb.research.att.com>
X-Authentication-Warning: smb.research.att.com: smb owned process doing -bs
To: Stephen Kent <kent@bbn.com>
cc: dpkemp@missi.ncsc.mil, ipsec@tis.com
Subject: Re: replay field size straw poll
Date: Tue, 11 Feb 1997 14:14:20 -0800
From: "Steven M. Bellovin" <smb@research.att.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
I concur with all three of your points re anti-replay field size and hash size. I'd also like to add the observation that I think we will have errors in implementations of the anti-replay windows, because of the need for the modular arithmetic (since we are not starting the counters at 0 or 1). So, having a single size counter for both AH and ESP may further minimize the time it will take to get the bugs out of this code. Since this isn't a sliding window counter (as the TCP sequence number is), I suspect that the two's-complement arithmetic that is now universally used will make most implementations just work. It wouldn't hurt to include a sample two lines of code showing the right way to do the comparison, however...
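The two's-complement comparison the message asks for, carried through into a complete anti-replay window check, as an added example that is not part of the original thread or of any IPsec implementation; the 32-entry window, the bitmap layout and the constructed packet trace are assumptions of the example:

```c
#include <stdint.h>
#include <stdbool.h>

/* Window of 32 recent sequence numbers; the size is an assumption for this example. */
#define REPLAY_WINDOW 32

struct replay_state {
    uint32_t last_seq; /* highest sequence number accepted so far */
    uint32_t bitmap;   /* bit i set => (last_seq - i) has been seen */
    bool     started;  /* false until the first packet is accepted */
};

/* Two's-complement compare: true when a is after b on the 32-bit circle, even across wrap. */
static bool seq_after(uint32_t a, uint32_t b) { return (int32_t)(a - b) > 0; }

/* Accept and record a fresh seq (true); reject a replay or a too-old packet (false). */
bool replay_check_and_update(struct replay_state *st, uint32_t seq)
{
    if (!st->started) {
        st->last_seq = seq;
        st->bitmap = 1u;
        st->started = true;
        return true;
    }
    if (seq_after(seq, st->last_seq)) {
        uint32_t shift = seq - st->last_seq;   /* modular distance forward */
        st->bitmap = (shift >= REPLAY_WINDOW) ? 0u : st->bitmap << shift;
        st->bitmap |= 1u;
        st->last_seq = seq;
        return true;
    }
    uint32_t back = st->last_seq - seq;        /* modular distance backward */
    if (back >= REPLAY_WINDOW || (st->bitmap & (1u << back)))
        return false;                          /* too old, or already seen */
    st->bitmap |= 1u << back;
    return true;
}

/* Constructed trace: a counter that started near UINT32_MAX and wraps to 5.
 * Returns how many of the seven packets were accepted (expected: 4). */
int replay_demo(void)
{
    static const uint32_t pkts[] = { 0xFFFFFFF0u, 0xFFFFFFF2u, 0xFFFFFFF2u,
                                     0xFFFFFFF1u, 5u, 0xFFFFFFF0u, 0xFFFFFFD0u };
    struct replay_state st = { 0u, 0u, false };
    int accepted = 0;
    for (unsigned i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        accepted += replay_check_and_update(&st, pkts[i]);
    return accepted;
}
```

The trace rejects the duplicate 0xFFFFFFF2, the replayed 0xFFFFFFF0 after the counter has wrapped, and 0xFFFFFFD0 as older than the window, while the late-but-fresh 0xFFFFFFF1 is still accepted.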