[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heartbeats Straw Poll

Jan Vilhuber wrote:
> On Tue, 8 Aug 2000, Michael Richardson wrote:
> >
> > >>>>> "Jan" == Jan Vilhuber <vilhuber@cisco.com> writes:
> >     Jan> We must agree to disagree then. it's far from 'overhead'. Hwo would
> >     Jan> YOU feel if you got charged for something that you didn't do?
> >
> >   How will you explain:
> >
> >       a) ESP+IP overhead
> >       b) IKE overhead
> >       c) banner ads on yahoo.com
> >
> That's all part of the traffic originated by the user. If they don't like
> paying for yahoo banner ads, don't go to yahoo, or get an ad-blocker.
> IKE overhead isn't part of the ipsec SA, and wouldn't be counted anyway.

Could we trash that red herring, please? If I go to a grocery store to buy
oranges, I also have to pay for the peels, even though I have no intention
of actually eating them. 

Having PINGS through phase II SAs would suit us quite fine, since we
already do it that way. The only problem with that is that some SAs won't
let the PINGS through.

So, we'd like to see either always allowing PINGS from one endpoint of 
the IPsec SA to the other endpoint, or some other simple mechanism.

Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452

F-Secure Corporation       http://www.F-Secure.com 

F-Secure products: Integrated Solutions for Enterprise Security