The replay window is used to tolerate out-of-order packets, whose arrival order is unpredictable. A bigger window size should not introduce a security hole or be more prone to attack. If an attacker eavesdrops on the IPsec packet and has the capability of dropping the original packet, he/she sends only the replayed packet instead of the original packet. In this case, even a small window has the same problem. It does not mean that the bigger window size gives the attacker more time to prepare the attack. But if the window is bigger, performance may be affected. So it is a tradeoff and depends on the network bandwidth.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Joby Sebastian
Sent: Thursday, September 15, 2011 3:42 PM
To: [email protected]
Subject: [IPsec] Replay window size

Hi,

If my ESP replay window implementation supports a largest replay window size (say 4096), and there is no significant performance drop in managing a bigger window size, is it always better to use the biggest window size? Is there a case where using a smaller window size is more desirable? Does a bigger window size introduce a security hole and make the implementation more prone to an attack?

Thanks,
Joby
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
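The exchange above turns on how the ESP receiver's anti-replay window behaves. The following C sketch is an added illustration, not code from the thread or from any IPsec implementation: a bitmap sliding window (one bit per sequence number, stored as a ring indexed by sequence number modulo the window size) with the check-and-update step a receiver performs after a packet has passed integrity verification. The window sizes and the constructed arrival order in `accepted_for_window` are assumptions chosen to show the tradeoff the reply describes: a replayed packet is rejected by any window size, while the window size only decides how far behind a legitimately delayed packet may arrive and still be accepted. Only 32-bit sequence numbers are modelled; extended sequence numbers are not.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Largest window this illustration supports (the 4096 mentioned in the thread). */
#define MAX_WINDOW_BITS 4096

/* Receiver-side anti-replay state for one SA.  The bit for sequence number s
 * lives at position s % window_bits, so the bitmap is a ring that is reused
 * as the window slides forward. */
typedef struct {
    uint32_t window_bits;                  /* W: multiple of 64, 64..MAX_WINDOW_BITS */
    uint32_t last_seq;                     /* highest sequence number accepted so far */
    uint64_t bitmap[MAX_WINDOW_BITS / 64]; /* bit set = already seen */
} replay_window_t;

void rw_init(replay_window_t *w, uint32_t bits)
{
    if (bits < 64) bits = 64;
    if (bits > MAX_WINDOW_BITS) bits = MAX_WINDOW_BITS;
    w->window_bits = bits - (bits % 64); /* whole 64-bit words only */
    w->last_seq = 0;                     /* nothing received yet */
    memset(w->bitmap, 0, sizeof(w->bitmap));
}

static bool test_bit(const replay_window_t *w, uint32_t seq)
{
    uint32_t pos = seq % w->window_bits;
    return (w->bitmap[pos / 64] >> (pos % 64)) & 1u;
}

static void set_bit(replay_window_t *w, uint32_t seq, bool on)
{
    uint32_t pos = seq % w->window_bits;
    uint64_t mask = (uint64_t)1 << (pos % 64);
    if (on) w->bitmap[pos / 64] |= mask;
    else    w->bitmap[pos / 64] &= ~mask;
}

/* Anti-replay check plus window update for a packet whose ICV has verified.
 * Returns true if the packet is accepted (and recorded), false if dropped. */
bool rw_check_and_update(replay_window_t *w, uint32_t seq)
{
    if (seq == 0)
        return false; /* ESP never transmits sequence number 0 (RFC 4303) */

    if (seq > w->last_seq) {
        /* Newest packet so far: slide the window forward.  Every slot the
         * slide passes over now belongs to an unseen sequence number. */
        uint32_t diff = seq - w->last_seq;
        if (diff >= w->window_bits) {
            memset(w->bitmap, 0, sizeof(w->bitmap)); /* all old entries left the window */
        } else {
            for (uint32_t s = w->last_seq + 1; s < seq; s++)
                set_bit(w, s, false);
        }
        set_bit(w, seq, true);
        w->last_seq = seq;
        return true;
    }

    /* seq <= last_seq: a late packet.  Accept only if it is still inside the
     * window and has not been seen before. */
    if (w->last_seq - seq >= w->window_bits)
        return false; /* too old: fell off the left edge of the window */
    if (test_bit(w, seq))
        return false; /* duplicate sequence number: replay */
    set_bit(w, seq, true);
    return true;
}

/* Constructed arrival order for the demonstration: packets 1..2000 in order,
 * except that packet 100 is held back until after 2000, then packet 2000 is
 * delivered a second time (a replay).  Returns how many of the 2001 arrivals
 * a receiver with a window of `bits` bits accepts. */
int accepted_for_window(uint32_t bits)
{
    replay_window_t w;
    int accepted = 0;
    rw_init(&w, bits);
    for (uint32_t s = 1; s <= 2000; s++) {
        if (s == 100) continue;
        if (rw_check_and_update(&w, s)) accepted++;
    }
    if (rw_check_and_update(&w, 100))  accepted++; /* delayed: 1900 behind last_seq */
    if (rw_check_and_update(&w, 2000)) accepted++; /* replay: rejected by any window */
    return accepted;
}

int main(void)
{
    printf("window 64:   %d of 2001 arrivals accepted\n", accepted_for_window(64));
    printf("window 4096: %d of 2001 arrivals accepted\n", accepted_for_window(4096));
    return 0;
}
```

With a 64-bit window the delayed packet 100 is dropped as too old (1999 accepted); with a 4096-bit window it is accepted (2000 accepted). The replayed copy of packet 2000 is dropped in both runs, which is the reply's point: the duplicate check does not get weaker as the window grows, only the memory and bookkeeping per SA do.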
