Benjamin Schwartz writes: > On Mon, Feb 20, 2023 at 4:58 PM Michael Richardson <[email protected]> wrote: > > Tero Kivinen <[email protected]> wrote: > > I mean what should other end do if the other end says he will not > > do anti-replay checks? > > Not send unique relay values in the ESP. > > Yes but mostly for AH. My goal is related to draft-xu-risav, which would > benefit from the ability to repeat sequence numbers in AH when replay > protection is not required.
ESP and AH already allow that if you have multi sender situations, but IKE does not allow nogotiating such SAs. If you use g-ikev2 to negotiate multicast multi sender sa then I think the anti-replay is already disabled. -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
