Re: [IPsec] Replay Protection

2010-02-01 Thread Steven Bellovin
On Feb 1, 2010, at 7:45 PM, Venkatesh Sriram wrote:
> Hi,
>
> Most IETF documents state that replay protection is not provided with
> manual keying. I wanted to understand the reason for the same. Is it
> because with manual keying there is no way to negotiate the sequence
> numbers and thus pro

Re: [IPsec] Replay Protection

2010-02-01 Thread Venkatesh Sriram
>
> Programming interfaces to the SADB (like PF_KEY) or manual-keying programs
> (like setkey(8) on BSD or ipseckey(1M) on OpenSolaris) might be able to allow
> a manually-keyed SA with replay protection, but without the above operational
> restrictions, things would break down quickly.  This is wh

Re: [IPsec] Replay Protection

2010-02-01 Thread Dan McDonald
On Tue, Feb 02, 2010 at 06:15:40AM +0530, Venkatesh Sriram wrote:
> Hi,
>
> Most IETF documents state that replay protection is not provided with
> manual keying. I wanted to understand the reason for the same. Is it
> because with manual keying there is no way to negotiate the sequence
> numbers