Benjamin Schwartz writes: > On Mon, Feb 20, 2023 at 4:58 PM Michael Richardson <m...@sandelman.ca> wrote: > > Tero Kivinen <kivi...@iki.fi> wrote: > > I mean what should other end do if the other end says he will not > > do anti-replay checks? > > Not send unique relay values in the ESP. > > Yes but mostly for AH. My goal is related to draft-xu-risav, which would > benefit from the ability to repeat sequence numbers in AH when replay > protection is not required.
ESP and AH already allow that if you have multi sender situations, but IKE does not allow nogotiating such SAs. If you use g-ikev2 to negotiate multicast multi sender sa then I think the anti-replay is already disabled. -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
