Yaron Sheffer writes: > to reiterate: if you ensure that the Message ID value is always strictly > larger than in previous messages (i.e. if the failover member sends > old_value+delta for a large enough delta, and if the peer is willing to > accepts arbitrary jumps in the value) then both sides can protect > against replay without requiring either the nonce or the failover > counter. But this means that the Message ID value is *set* to a new > value on both sides, rather than *synchronized* (to a previous value).
Except there is no way to know the value of delta. And if you do not know value of delta, then you open yourself to replay attacks if your delta was too small. Having some arbitrary delta, which is impossible to pick properly, isn't really solving the problem, it just makes the attacks bit harder for the attacker, but it does not remove those attacks. -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
