I think Toerless wrote:
>> I don't really know what "all epoch" mechanisms would mean. Ideally we
>> would look for the most easily adopted replay protection mechanism
>> that had in some other protocol passed IETF SEC standards
>> approval. Whether it's called epoch or not.

Brian E Carpenter <[email protected]> wrote:
> I mean that if you write the current epoch number into non-volatile
> storage and then your node sleeps for a year, the epoch number could
> perhaps have cycled. However, I agree that we should not re-invent this
> wheel.

I'm working on a document on epoch-id distribution that I hope to share in a
week or so. In my model one should be able to get several (hundred) epochs
behind and still securely catch up. However, there are some edge cases
where a system would have to engage in M_REQ_NEG (I think) unicast with the
Epoch distributor to re-initialize one's state.

--
Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
