[Swan-dev] fixing Windows rekeying

Paul Wouters paul at nohats.ca
Wed Apr 29 17:35:42 UTC 2020

On Wed, 29 Apr 2020, Tuomo Soini wrote:

>> An earlier version of the patch needed that then I relaized that
>> whole logic different. And fixed it.
> I also note that my initial suggestion as a fix was to remove the check
> because it's quite meaningless - whatever remote suggests we ignore
> anyway on rekey.

The reason this came up was a bug on our end where we as initiator of a
rekey send a bogus proposal that was not rejected. The desire is to do
the checks so we can fail properly instead of continuing, responding
to the initiator and then the initiator finding out it got something
bad that is not within its set of allowed TS. It then would have to
create a new informational message to delete, or ignore our response
and retransmit.

I think the desire to fail cleaner is good.


More information about the Swan-dev mailing list