[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: long lifetime SPI's
> From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
> Photuris implementations should be engineered to behave gracefully
> during a severe startup transient; the cleanest way to do this may
> well be for responders to temporarily stop responding to cookie
> requests if the number of pending exchange computations got too
> large..
>
There is already such a Responder error return:
6.2.3. Resource Limit
This Error_Message Code is sent when a Cookie_Request or
Change_Message is received, and too many SPI values are already in
use for that peer, or some other Photuris resource is unavailable.
When this Code is received, the party SHOULD NOT instantiate another
SPI until it has deleted an existing SPI, or waited for a cached SPI
entry to expire.
I will add:
The implementation SHOULD double the retransmission timeout for
sending another Cookie_Request.
Just common sense for most implementors (don't all timeout routines work
that way since Van Jacobson?), but sometimes it pays to state the
obvious.
Bill.Simpson@um.cc.umich.edu
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2