Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt

[Vlado Zafirov <vladoz@radware.com>]

Ari,

I realy appreciate all these comments I got last couple of days. Thank you.

     Let me address your comments:
         1. Phase 2 communication need to be done before this exchange can take
place. We need SA established so secure packet can be sent back and forth
         2. Cut&paste text was added for completeness and easy reading of the
document. I know everybody knows what I am talking about but still it's just
             make overall read flow easy. But this very easy can be "cut" again :)
         3. Fail-safe GW is a major issue these days as you know and easy explains
what's we're trying to achieve and I work for load-balancer vendor :)))
             But this can be trown away also. I just need a little more comments is
it good or bad example.
         4. API stuff I believe is very important. Since it states how an application
should react when this exchange occurs. Let's make developers life simpler.

Ari Huttunen wrote:

 > "Scott G. Kelly" wrote:
 > > >  > Hi Vlado,
 > > >  >
 > > >  > I'm not sure if you were aware of it, but there is another Internet-Draft
 > > >  > whose goal it is to provide the same functionality.  See
 > > >  > http://www.vpnc.org/draft-ietf-ipsec-heartbeats
 > > >  >
 > > >  > It has received quite a bit of feedback, and I think that most people are
 > > >  > pretty satisfied with it.
 > >
 > > This is absolute nonsense. Take a straw poll right now.
 > >
 > > <much trimmed after this...>
 > >
 > > All in all, I think the rough consensus was that a much simpler
 > > mechanism would suffice.
 > >
 > > Scott
 >
 > At least I would very happy to see a SIMPLE solution. Vlado's
 > solution could probably be quite fine. It should drop all mentioning
 > of phase 2, it's unnecessary since it runs on top of phase 1 SA.
 > The draft could also throw away the text cut&pasted from ISAKMP RFC,
 > we've all read it, thank you. Similarly, mentioning a particular
 > implementation of fail-safe GW, or particular API details could be deleted.
 >
 > --
 > Ari Huttunen                   phone: +358 9 859 900
 > Senior Software Engineer       fax  : +358 9 8599 0452
 >
 > F-Secure Corporation       http://www.F-Secure.com
 >
 > F-Secure products: Integrated Solutions for Enterprise Security

--
Vlado Zafirov
RADWare, INC
Technical Support Engineer
Tel: (202) 625-1505
Fax: (202) 625-1506

Confidentiality Note: This e-mail, and any attachment to it, contains privileged and
confidential information intended only for the use of the individual(s) or entity
named in the e-mail. If the reader of this e-mail is not the intended recipient, or
the employee or agent responsible for delivering it to the intended recipient, you
are
hereby notified that reading it is strictly prohibited. If you have received this
e-mail in error, please immediately return it to the sender and delete it from your
system.
Thank you.

---

References:

• I-D ACTION:draft-vlado-ipsec-keep-alive-00.txt
• From: Internet-Drafts@ietf.org
• Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt
• From: Vlado Zafirov <vladoz@radware.com>
• Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt
• From: "Scott G. Kelly" <skelly@redcreek.com>
• Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt
• From: Ari Huttunen <Ari.Huttunen@F-Secure.com>

---

• Prev by Date: Re: IPSEC WG vs. IPSP/ISPRA WGs (Re: phase 2 and ports)
• Next by Date: RE: Comments on: draft-vlado-ipsec-keep-alive-00.txt
• Prev by thread: Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt
• Index(es):
  • Main
  • Thread