[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: INITIAL-CONTACT issues
If the same TCP stream is used across rekeying,
then TCP connection overhead is not an issue - right?
-- sankar --
-----Original Message-----
From: Scott G. Kelly [mailto:skelly@redcreek.com]
Sent: Monday, May 03, 1999 6:44 PM
To: Sankar Ramamoorthi
Cc: 'Stephen Kent'; ipsec@lists.tislabs.com
Subject: Re: INITIAL-CONTACT issues
Sankar Ramamoorthi wrote:
<trimmed...>
> I am implementing 'COMMIT' and 'INITIAL-CONTACT' etc,
> and the question I keep having is.
> 'Is there any reason why IKE is not implemented on
> top of TCP?'
> The architecture seems to allow it - most of the
> implemenations using IKE also have a tcp stack
> (atleast the one's I have seen).
> Any reason why TCP was not considered as a choice
> (atleast a SHOULD support) for carrying IKE traffic?
>
For one thing, think about relatively rapid rekeying, and then think
about tcp connection setup overhead...
Follow-Ups: