
RE: Racing QM Initiator's



While I agree with the notion of supporting multiple independent SAs,
this question is more out of curiosity.

From Richard Stevens' TCP/IP Illustrated Volume 1, Chapter 18.8, paragraph 4:

'TCP was purposely designed to handle simultaneous opens and the rule is
only one connection results from this, not two connections. (Other protocol
suites, notably the OSI transport layer, create two connections in this
scenario, not one).'

I believe there is similar wording in RFC 793 emphasising simultaneous
open.

I don't know if there is a particular advantage to this feature.
During the initial design of IKE did such an approach (simultaneous
connections resulting in one connection) come up in the discussions?
Is it worthwhile or feasible for a security protocol?

Thanks,

-- sankar --
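The TCP simultaneous open that the Stevens quote above describes, as a small state-machine model added here for illustration (not code from this thread; the Tcp class, its connection table keyed by address pair, and the simplified segment flags are a constructed simplification of RFC 793):

```python
# Added example: minimal model of TCP simultaneous open (RFC 793 / Stevens 18.8).
# Two SYNs cross in flight; each endpoint keeps ONE connection entry per address
# pair and moves it SYN_SENT -> SYN_RCVD -> ESTABLISHED instead of opening a second.
from collections import namedtuple

Seg = namedtuple("Seg", "src dst syn ack")  # simplified segment: only SYN/ACK flags

class Tcp:
    def __init__(self, addr):
        self.addr = addr
        self.conns = {}  # (local, remote) -> state; one entry per address pair

    def connect(self, remote):
        """Active open: record SYN_SENT and emit a SYN."""
        self.conns[(self.addr, remote)] = "SYN_SENT"
        return Seg(self.addr, remote, syn=True, ack=False)

    def receive(self, seg):
        """Process one incoming segment; return the reply segment, if any."""
        key = (self.addr, seg.src)
        state = self.conns.get(key, "CLOSED")
        if state == "SYN_SENT" and seg.syn and not seg.ack:
            # Simultaneous open: our SYN crossed the peer's SYN. Reuse the
            # existing entry (no second connection) and answer with SYN+ACK.
            self.conns[key] = "SYN_RCVD"
            return Seg(self.addr, seg.src, syn=True, ack=True)
        if state == "SYN_SENT" and seg.syn and seg.ack:
            self.conns[key] = "ESTABLISHED"        # normal three-way handshake
            return Seg(self.addr, seg.src, syn=False, ack=True)
        if state == "SYN_RCVD" and seg.ack:
            self.conns[key] = "ESTABLISHED"        # ACK (or SYN+ACK) completes it
            return None
        if state == "CLOSED" and seg.syn:
            self.conns[key] = "SYN_RCVD"           # passive open
            return Seg(self.addr, seg.src, syn=True, ack=True)
        return None

def simultaneous_open():
    """Both sides call connect() before either SYN arrives."""
    a, b = Tcp("A"), Tcp("B")
    syn_a, syn_b = a.connect("B"), b.connect("A")
    synack_b, synack_a = b.receive(syn_a), a.receive(syn_b)
    a.receive(synack_b)
    b.receive(synack_a)
    return a.conns, b.conns

def normal_open():
    """Ordinary active/passive open, for comparison: same end state."""
    a, b = Tcp("A"), Tcp("B")
    synack = b.receive(a.connect("B"))
    b.receive(a.receive(synack))
    return a.conns, b.conns
```

Both scenarios end with exactly one ESTABLISHED entry on each side, which is the "one connection, not two" rule the quote refers to.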



-----Original Message-----
From: Scott G. Kelly [mailto:skelly@redcreek.com]
Sent: Wednesday, October 13, 1999 6:27 PM
To: Radha Gowda
Cc: Jan Vilhuber; Ben McCann; ipsec@lists.tislabs.com
Subject: Re: Racing QM Initiator's


Radha Gowda wrote:
> 
> > To the list at large:
> >
> > Why can't we put verbiage like this into the RFC? Is there some reason
> > this is a bad thing to do?
> 
> I also would like to point out to the list that Diffie-Hellman calculation
> does not come cheap for some of us (at least for now).

I think the point is that we must be able to support independent
simultaneous SAs between security gateways. Otherwise, how will we
provide PFS? If you cannot handle the DH calculation, then I suppose
that you can serialize these, but this is not a good argument for
dumbing down the standard, is it?

Scott

