[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: issues from the bakeoff
Dan Harkins wrote:
>
> It was suggested that a keepalive mechanism be built into IKE. Several people
> already have proprietary keepalive mechanisms in their implementations.
> Perhaps the person(s) who brought this up will write up a draft specifying
> how this is to be done.
It may take some time to write and agree to such draft. Could we meanwhile design some simple
(which may not be 100% bullet-proff) logic around unprotected INVALID_SPI notifications that
rebooted node most likely to send to another party which is unaware of the re-booted partner
and keep sending encrypted traffic to it?
--
Bronislav Kavsan
IRE Secure Solutions, Inc.
100 Conifer Hill Drive Suite 513
Danvers, MA 01923
voice: 978-739-2384
http://www.ire.com
References: