[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: INITIAL-CONTACT issues

To: "'Scott G. Kelly'" <skelly@redcreek.com>, Sankar Ramamoorthi <Sankar@vpnet.com>
Subject: RE: INITIAL-CONTACT issues
From: Sankar Ramamoorthi <Sankar@vpnet.com>
Date: Mon, 3 May 1999 18:51:04 -0700
Cc: "'Stephen Kent'" <kent@bbn.com>, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com


If the same TCP stream is used across rekeying,
then TCP connection overhead is not an issue - right?

-- sankar --


-----Original Message-----
From: Scott G. Kelly [mailto:skelly@redcreek.com]
Sent: Monday, May 03, 1999 6:44 PM
To: Sankar Ramamoorthi
Cc: 'Stephen Kent'; ipsec@lists.tislabs.com
Subject: Re: INITIAL-CONTACT issues


Sankar Ramamoorthi wrote:

<trimmed...>

> I am implementing 'COMMIT' and 'INITIAL-CONTACT' etc,
> and the question I keep having is.
> 'Is there any reason why IKE is not implemented on
> top of TCP?'
> The architecture seems to allow it - most of the
> implemenations using IKE also have a tcp stack
> (atleast the one's I have seen).
> Any reason why TCP was not considered as a choice
> (atleast a SHOULD support) for carrying IKE traffic?
> 

For one thing, think about relatively rapid rekeying, and then think
about tcp connection setup overhead...

Follow-Ups:

RE: INITIAL-CONTACT issues

From: Alex Alten <Alten@home.com>

Re: INITIAL-CONTACT issues

From: "Scott G. Kelly" <skelly@redcreek.com>

Prev by Date: Re: INITIAL-CONTACT issues
Next by Date: RE: INITIAL-CONTACT issues
Prev by thread: RE: INITIAL-CONTACT issues
Next by thread: RE: INITIAL-CONTACT issues
Index(es):
- Main
- Thread