Setting the window size for replay protection with setkey does not provide decent protection?

On Fri, May 29, 2009 at 02:50:18PM -0400, Doug Baggett wrote:
> So after getting IPSEC running using racoon and SPD after reading the howto,
> it occurred to me that doing PSK with SPD directly instead of using racoon
> for a simple point-to-point setup seems a whole lot easier (plus no ports
> needed for automatic keying).

You mean manually-added IPsec SAs?

> Can somebody give me the reasons why I might want to stay with racoon over
> SPD on a simple setup like I described?

If you have a sufficiently motivated adversary, he/she can capture your
traffic and replay it. There's no replay protection without key refreshment.
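The point in the reply above can be made concrete with a small simulation. The following is an added example, not code from the thread or from the racoon/setkey projects: it models an ESP-style inbound SA with the sliding anti-replay window that RFC 4303 describes, using a constructed toy packet format (SPI, sequence number, payload, truncated HMAC-SHA256), constructed keys and SPIs, and a window counted in packets rather than setkey's 32-bit words. It shows that the window does reject an immediate replay, but once the receiver restarts and the manual SA is re-added from its configuration with the same static key, the window state starts over and a packet captured earlier is accepted again. Only a refreshed key (and, as IKE would also do, a fresh SPI) makes the captured packet unusable.

```python
import hmac
import hashlib
import struct

WINDOW = 64          # constructed window size, in packets
MAC_LEN = 12         # truncated HMAC, as ESP integrity ICVs commonly are


def make_packet(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Build a toy ESP-like packet: SPI || seq || payload || truncated HMAC."""
    hdr = struct.pack("!II", spi, seq)
    mac = hmac.new(key, hdr + payload, hashlib.sha256).digest()[:MAC_LEN]
    return hdr + payload + mac


class InboundSA:
    """Receiver state for one SA: key, SPI, and an RFC 4303 style anti-replay window."""

    def __init__(self, key: bytes, spi: int, window: int = WINDOW):
        self.key = key
        self.spi = spi
        self.window = window
        self.top = 0        # highest sequence number accepted so far (ESP starts at 1)
        self.bitmap = 0     # bit i set means sequence number (top - i) was already seen

    def receive(self, pkt: bytes) -> str:
        spi, seq = struct.unpack("!II", pkt[:8])
        if spi != self.spi:
            return "no such SA"
        mac = pkt[-MAC_LEN:]
        expected = hmac.new(self.key, pkt[:-MAC_LEN], hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(mac, expected):
            return "auth failed"
        # Sliding window check, performed only after the packet authenticates.
        if seq > self.top:
            shift = seq - self.top
            if shift < self.window:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            else:
                self.bitmap = 1          # window moved entirely past old history
            self.top = seq
            return "accepted"
        diff = self.top - seq
        if diff >= self.window:
            return "replay: too old"
        if self.bitmap & (1 << diff):
            return "replay: duplicate"
        self.bitmap |= 1 << diff
        return "accepted"


def scenario_manual_key() -> list:
    """Static manual key: the window works until the receiver restarts and re-adds the SA."""
    key = b"constructed-static-manual-key"   # constructed, stands in for a setkey PSK
    spi = 0x1000
    rx = InboundSA(key, spi)
    results, sent = [], []
    for seq in range(1, 4):
        pkt = make_packet(key, spi, seq, b"payload-%d" % seq)
        sent.append(pkt)
        results.append(rx.receive(pkt))
    captured = sent[1]                       # attacker recorded the packet with seq 2
    results.append(rx.receive(captured))     # rejected: still inside the window
    rx = InboundSA(key, spi)                 # receiver reboots; same key, counters reset
    results.append(rx.receive(captured))     # accepted: the old packet replays cleanly
    return results


def scenario_after_rekey() -> tuple:
    """Refreshed key: the captured packet no longer authenticates or matches any SA."""
    old_key, new_key = b"old-session-key", b"new-session-key"   # constructed
    captured = make_packet(old_key, 0x1000, 2, b"payload-2")
    rx_same_spi = InboundSA(new_key, 0x1000)   # key refreshed, SPI reused
    rx_new_spi = InboundSA(new_key, 0x2000)    # key and SPI both fresh, as IKE negotiates
    return rx_same_spi.receive(captured), rx_new_spi.receive(captured)


if __name__ == "__main__":
    print("manual key:", scenario_manual_key())
    print("after rekey:", scenario_after_rekey())
```

The first scenario is the situation the subject line asks about: the replay window is doing its job, but with a static key the window state is the only thing standing between the attacker and a successful replay, and it is reset whenever the SA is re-installed. Periodic rekeying, which IKE daemons such as racoon do automatically, is what invalidates old captures.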