Re: Heartbeats Straw Poll

>>>>> "Shawn" == Shawn Mamros <smamros@nortelnetworks.com> writes:
    Shawn> Why reinvent the wheel?  We have a protocol that already does
    Shawn> this: ICMP.

    Shawn> IPsec transport mode SA, negotiated specifically for ICMP, between
    Shawn> the two endpoint addresses.  No changes to IKE necessary, just a
    Shawn> matter of policy on both sides.  Don't want heartbeats?  Don't set
    Shawn> up the SA.

    Shawn> Either side can initiate a ping anytime they want.  No need to
    Shawn> negotiate intervals, or retry counts, or any of that.  Each side
    Shawn> decides their own policy in this regard.  If the other side
    Shawn> doesn't answer, delete the SA and any other SAs considered to be
    Shawn> related.

  a) this may not be entirely clear

    Shawn> Since it's a separate SA, those who don't want to add the ping

  b) since it is a separate SA, it really tells you nothing about the
	SAs that you want to use

  c) hardware devices typically have a limited number of slots for
	SAs, so one would prefer not to double the number of them and
	cause thrashing.

  d) I think that ICMP should always fit into all SAs anyway.

