[IPsec] Replay Protection

Venkatesh Sriram <vnktshsriram@gmail.com> Tue, 02 February 2010 00:45 UTC

Date: Tue, 02 Feb 2010 06:15:40 +0530
Message-ID: <bb34331b1002011645h6f53df1ds8af77981146377b9@mail.gmail.com>
From: Venkatesh Sriram <vnktshsriram@gmail.com>
To: ipsec@ietf.org
Subject: [IPsec] Replay Protection
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>

Hi,

Most IETF documents state that replay protection is not provided with
manual keying. I wanted to understand the reason for the same. Is it
because with manual keying there is no way to negotiate the sequence
numbers and thus provision for replay protection is not supported?

Thanks,
Sriram
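
Added example, not part of the original message: a minimal receiver-side anti-replay sliding window, used to show what happens when sequence-number state is reset on either end while a manually configured key stays in place. The struct, the function names and the 64-packet window are assumptions chosen for illustration, not code from any IPsec implementation.

```c
#include <stdint.h>
#include <string.h>
#define WINDOW 64  /* anti-replay window size, in packets (assumed) */

/* Receiver state per SA (illustrative): bit i of bitmap set = (top - i) seen. */
struct replay_state { uint32_t top; uint64_t bitmap; };

/* SA establishment: counter and window start at 0. */
void sa_init(struct replay_state *s) { memset(s, 0, sizeof *s); }

/* 1 = fresh (and recorded), 0 = replayed or too old. Assumes ICV verified. */
int replay_check(struct replay_state *s, uint32_t seq) {
    if (seq == 0) return 0;                  /* never sent on an SA */
    if (seq > s->top) {                      /* slides the window right */
        uint32_t shift = seq - s->top;
        s->bitmap = (shift >= WINDOW ? 0 : s->bitmap << shift) | 1;
        s->top = seq;
        return 1;
    }
    uint32_t off = s->top - seq;
    if (off >= WINDOW || (s->bitmap & (1ULL << off))) return 0;
    s->bitmap |= 1ULL << off;
    return 1;
}

/* Fresh SA, then packets 1..n arrive in order. */
void receive_run(struct replay_state *s, uint32_t n) {
    sa_init(s);
    for (uint32_t seq = 1; seq <= n; seq++) replay_check(s, seq);
}

/* Receiver restarts, manual key unchanged: an old captured packet passes. */
int stale_accepted_after_rx_reset(void) {
    struct replay_state rx;
    receive_run(&rx, 1000);
    int before = replay_check(&rx, 500);  /* 0: left of the window */
    sa_init(&rx);                         /* state lost, key still valid */
    return before == 0 && replay_check(&rx, 500) == 1;
}

/* Sender restarts and counts from 1 again: genuine packets are dropped. */
int fresh_dropped_after_tx_reset(void) {
    struct replay_state rx;
    receive_run(&rx, 1000);
    return replay_check(&rx, 1) == 0 && replay_check(&rx, 2) == 0;
}

int main(void) {  /* exit status 0 when both effects are reproduced */
    return !(stale_accepted_after_rx_reset() && fresh_dropped_after_tx_reset());
}
```

With automated key management, a restart or an approaching counter wrap is handled by establishing a new SA with a new key, which invalidates every previously captured packet; a static manual key has no equivalent step.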