[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: INITIAL-CONTACT issues

To: Sankar Ramamoorthi <Sankar@vpnet.com>
Subject: Re: INITIAL-CONTACT issues
From: "Scott G. Kelly" <skelly@redcreek.com>
Date: Mon, 03 May 1999 18:44:15 -0700
CC: "'Stephen Kent'" <kent@bbn.com>, ipsec@lists.tislabs.com
Organization: RedCreek Communications
References: <D899E9E27BE9D211842200805FA67B43016E49@vpnet.com>
Sender: owner-ipsec@lists.tislabs.com

Sankar Ramamoorthi wrote:

<trimmed...>

> I am implementing 'COMMIT' and 'INITIAL-CONTACT' etc,
> and the question I keep having is.
> 'Is there any reason why IKE is not implemented on
> top of TCP?'
> The architecture seems to allow it - most of the
> implemenations using IKE also have a tcp stack
> (atleast the one's I have seen).
> Any reason why TCP was not considered as a choice
> (atleast a SHOULD support) for carrying IKE traffic?
> 

For one thing, think about relatively rapid rekeying, and then think
about tcp connection setup overhead...

References:

RE: INITIAL-CONTACT issues

From: Sankar Ramamoorthi <Sankar@vpnet.com>

Prev by Date: Re: IPSec support within BSDi 4.0?
Next by Date: RE: INITIAL-CONTACT issues
Prev by thread: RE: INITIAL-CONTACT issues
Next by thread: RE: INITIAL-CONTACT issues
Index(es):
- Main
- Thread