Projects/replay_cache_collision_avoidance and replay cache uses
hartmans at MIT.EDU
Mon Jan 5 17:16:46 EST 2009
The problem with sequence numbers is they depend on sequencing.
krb-priv and -safe do not have an ESP-like window. So, if you have a
UDP application and you want to support out-of-order packets, you're
stuck using time.
Now if you use subsession keys and we could assume that the scope of a
subsession key is a single authcontext, we would not need to write out
replay data. However that may be a bad assumption in some of the
cases where krb-priv is most attractive.
More information about the krbdev