[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heartbeats draft available

To: "Scott G. Kelly" <skelly@redcreek.com>
Subject: Re: Heartbeats draft available
From: Tero Kivinen <kivinen@ssh.fi>
Date: Wed, 22 Mar 2000 06:16:02 +0200 (EET)
Cc: akrywani@newbridge.com, "'Ricky Charlet'" <rcharlet@redcreek.com>, ipsec@lists.tislabs.com
In-Reply-To: <38D80A43.A19B2F67@redcreek.com>
Organization: SSH Communications Security Oy
References: <003601bf937e$bf080740$1e0101c8@ANDREWK2.TIMESTEP><38D80A43.A19B2F67@redcreek.com>
Sender: owner-ipsec@lists.tislabs.com

Scott G. Kelly writes:
> Whether "heartbeats" are sent in a phase 1 or phase 2 SA, they are
> essentially a feature of the SA. Features of SAs are currently
> configured (and negotiated) using SA attributes. Why would these be any
> different?

Because SA payloads does not allow responder to modify the proposal.
In heartbeat protocol this is almost mandatory feature, because the
responder is the one who is going to send the packets, thus he wants
to control the parameters.

Of course we could say that when using this special heartbeat
negotiation protocol, the responder is allowed to modify the SA, but
the SA payload is also little too complicated for very basic
negotiation (all the things about transforms, protocols and
proposals). 
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

References:

RE: Heartbeats draft available

From: "Andrew Krywaniuk" <akrywani@newbridge.com>

Re: Heartbeats draft available

From: "Scott G. Kelly" <skelly@redcreek.com>

Prev by Date: Re: Announcing X-Bone VPN/overlay software release
Next by Date: Re: Q: What is advantage of tunnel mode between host to host scenrio?
Prev by thread: Re: Heartbeats draft available
Next by thread: RE: Heartbeats draft available
Index(es):
- Main
- Thread