[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: issues from the bakeoff



Dan Harkins wrote:

>
>           It was suggested that a keepalive mechanism be built into IKE. Several people
>           already have proprietary keepalive mechanisms in their implementations.
>           Perhaps the person(s) who brought this up will write up a draft specifying
>           how this is to be done.

It may take some time to write and agree to such draft. Could we meanwhile  design some simple
(which may not be 100%  bullet-proff) logic around unprotected INVALID_SPI notifications that
rebooted node most likely to send to another party which is unaware of the re-booted partner
and keep sending encrypted traffic to it?


--
Bronislav Kavsan
IRE Secure Solutions, Inc.
100 Conifer Hill Drive  Suite 513
Danvers, MA  01923
voice: 978-739-2384
http://www.ire.com





References: