Hi,
it seems to me we have created an overly complicated solution for replay
protection of the Msg ID = 0 messages. Specifically, I think both the
failover counter and the nonce can be eliminated.
Since the messages are protected under the IKE SA, we just need to
ensure that in a correct run of the protocol, there is never any need to
repeat previous messages. This can be done by including *both* Msg ID
counters in each message, and specifying a few rules to make sure
counters never go backwards.
Cluster member to client:
- The counter I plan to use next (based on a traffic/rekey rate
estimate, must be higher than the last message that was actually sent,
otherwise it might be rejected)
- The counter I think you will use next (the last known value, as
received from the failed cluster member)
Client to cluster:
- The counter I really plan to use next (must be equal to or higher than
the received value)
- The counter you said you will use next
And each side must accept incoming messages only if both values are
equal to or larger than the corresponding one previously received from
the same peer, and one of them is strictly larger than the previous value.
Am I missing anything?
Thanks,
Yaron
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
