On Feb 1, 2010, at 7:45 PM, Venkatesh Sriram wrote:

> Hi,
>
> Most IETF documents state that replay protection is not provided with
> manual keying. I wanted to understand the reason for the same. Is it
> because with manual keying there is no way to negotiate the sequence
> numbers and thus provision for replay protection is not supported?

And in particular, after a reboot you've lost all knowledge of your sequence number space. (This has been a real issue for WEP; see http://www.cs.berkeley.edu/~daw/papers/wep-mob01.ps)

--Steve Bellovin, http://www.cs.columbia.edu/~smb

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
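As an added example (not part of the thread and not code from any IPsec implementation), the Python below models the receiver-side anti-replay window of RFC 4303 and then the reboot case described above: a manually keyed SA is reloaded from configuration with no memory of which sequence numbers were already accepted, so packets delivered before the reboot pass the window check a second time, whereas an IKE-negotiated replacement SA carries a different SPI and keys and the old packets match nothing. The SPI values and the captured traffic are constructed for the illustration.

```python
WINDOW_BITS = 64  # RFC 4303 requires support for at least 32; 64 is typical


class ReplayWindow:
    """Receiver-side anti-replay state for one SA: the highest sequence
    number seen plus a bitmap of the WINDOW_BITS values below it."""

    def __init__(self, size=WINDOW_BITS):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set means (highest - i) was already seen

    def check_and_update(self, seq):
        """Return True and record seq if fresh; False if replayed or too old.
        A real receiver verifies the ICV before updating the window."""
        if seq == 0:
            return False                      # never valid on an ESP SA
        if seq > self.highest:                # to the right: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                      # fell off the left edge
        if self.bitmap & (1 << offset):
            return False                      # duplicate inside the window
        self.bitmap |= 1 << offset
        return True


def accepted_after_reboot(captured, manual_keying):
    """Count recorded packets a receiver accepts after it reboots and loses
    the window above. captured: (spi, seq) pairs seen before the reboot.
    manual_keying=True reloads the same SA (same SPI, same keys) from config,
    so only the lost window state stood between the receiver and a replay.
    manual_keying=False models IKE negotiating a fresh SA after the reboot,
    so the old packets match no SA and are dropped before the window check."""
    current_spi = 0x1000                      # constructed SA identifier
    window = ReplayWindow()
    for _spi, seq in captured:
        window.check_and_update(seq)          # original deliveries: accepted
    window = ReplayWindow()                   # reboot: in-memory state gone
    if not manual_keying:
        current_spi = 0x2000                  # fresh SPI/keys from IKE
    return sum(1 for spi, seq in captured
               if spi == current_spi and window.check_and_update(seq))
```

With ten constructed packets, `accepted_after_reboot(traffic, True)` returns 10 and `accepted_after_reboot(traffic, False)` returns 0, which is the gap IKE closes and manual keying cannot.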