Hi Yaron, Thanks for the comments. Ticket #205 created to track this.
On Thu, Nov 11, 2010 at 8:46 PM, Yaron Sheffer <[email protected]> wrote:

> Hi,
>
> it seems to me we have created an overly complicated solution for replay
> protection of the Msg ID = 0 messages. Specifically, I think both the
> failover counter and the nonce can be eliminated.
>
> Since the messages are protected under the IKE SA, we just need to ensure
> that in a correct run of the protocol, there is never any need to repeat
> previous messages. This can be done by including *both* Msg ID counters in
> each message, and specifying a few rules to make sure counters never go
> backwards.
>
> Cluster member to client:
> - The counter I plan to use next (based on a traffic/rekey rate estimate,
> must be higher than the last message that was actually sent, otherwise it
> might be rejected)

It will be better to jump this counter by the IKEv2 Message Send Window size rather than measuring or guessing traffic here.

> - The counter I think you will use next (the last known value, as received
> from the failed cluster member)
>
> Client to cluster:
> - The counter I really plan to use next (must be equal to or higher than
> the received value)
> - The counter you said you will use next
>
> And each side must accept incoming messages only if both values are equal
> to or larger than the corresponding one previously received from the same
> peer, and one of them is strictly larger than the previous value.
>
> Am I missing anything?
>
> Thanks,
> Yaron
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
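The two-counter synchronisation exchange and acceptance rule proposed in the quoted message, with the reply's suggestion of jumping the member's counter by the send window, modelled as an added example (not code from the thread, the IPsec WG, or any IKEv2 implementation). The message layout (`SyncMsg`), the `Peer` state, the window size of 4 and the counter values in the scenario are constructed assumptions; real IKEv2 messages carry far more than these two fields, and the IKE SA protection that makes the rule sufficient is assumed rather than modelled.

```python
"""Model of the Msg ID = 0 counter-synchronisation rule discussed in the thread.
Added example; names, message layout, window size and counters are constructed."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed IKEv2 message send window: the reply suggests jumping the member's
# counter by this amount instead of estimating traffic. Constructed value.
SEND_WINDOW = 4


@dataclass
class SyncMsg:
    """Payload of a synchronisation message: both Message ID counters."""
    my_next: int    # counter the sender plans to use next
    your_next: int  # counter the sender believes the receiver will use next


@dataclass
class Peer:
    name: str
    last_sent: int       # highest Message ID actually sent by this side
    last_received: int   # highest Message ID received from the peer
    # (my_next, your_next) from the last accepted sync message of this peer
    last_seen: Optional[Tuple[int, int]] = None

    def accept(self, msg: SyncMsg) -> bool:
        """Acceptance rule from the thread: both values must be >= the values
        previously received from the same peer, and at least one strictly
        larger. An exact repeat (replay) or a counter going backwards fails."""
        if self.last_seen is None:          # first sync seen: establishes baseline
            self.last_seen = (msg.my_next, msg.your_next)
            return True
        prev_my, prev_your = self.last_seen
        if msg.my_next < prev_my or msg.your_next < prev_your:
            return False                    # a counter went backwards
        if msg.my_next == prev_my and msg.your_next == prev_your:
            return False                    # identical values: replayed message
        self.last_seen = (msg.my_next, msg.your_next)
        return True


def member_to_client(member: Peer) -> SyncMsg:
    """Cluster member -> client after failover. The new member only knows the
    failed member's last replicated state, so it jumps its own counter by the
    send window (the reply's suggestion) rather than guessing traffic."""
    return SyncMsg(my_next=member.last_sent + SEND_WINDOW,
                   your_next=member.last_received + 1)


def client_to_member(client: Peer, received: SyncMsg) -> Optional[SyncMsg]:
    """Client -> cluster: the counter it really plans to use next (never below
    what the member proposed) plus an echo of the member's own value.
    Returns None when the incoming message fails the acceptance rule."""
    if not client.accept(received):
        return None
    real_next = max(client.last_sent + 1, received.your_next)
    return SyncMsg(my_next=real_next, your_next=received.my_next)


def run_failover():
    """Constructed scenario: the failed member had sent up to ID 10 and seen 7
    from the client, but the client got further (sent 11, received 10)."""
    member = Peer("new-member", last_sent=10, last_received=7)
    client = Peer("client", last_sent=11, last_received=10)
    sync = member_to_client(member)            # (14, 8): stale view of client
    reply = client_to_member(client, sync)     # (12, 14): client corrects it
    assert reply is not None and member.accept(reply)
    replay_ok = client.accept(sync)                  # exact replay -> rejected
    backwards_ok = client.accept(SyncMsg(13, 8))     # counter regressed -> rejected
    advance_ok = client.accept(SyncMsg(14, 12))      # one strictly larger -> accepted
    return sync, reply, replay_ok, backwards_ok, advance_ok


if __name__ == "__main__":
    print(run_failover())
```

The point the rule relies on is that neither side needs a separate failover counter or nonce: a replayed sync message carries exactly the pair already recorded, and a message built from an older replicated state carries a smaller value, so both fail the "at least one strictly larger, none smaller" check without any extra field.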
