Teddy Hogeborn <[EMAIL PROTECTED]> writes:

> Simon Josefsson <[EMAIL PROTECTED]> writes:
>
>> Teddy Hogeborn <[EMAIL PROTECTED]> writes:
>>
>>>> This might introduce network timeouts, but if the Mandos client is
>>>> robust about that there shouldn't be a problem.
>>>
>>> I'm not sure what you mean. Should not a TLS connection over TCP
>>> be alive indefinitely even if no data is sent over it?
>>
>> NAT firewalls tend to drop TCP sessions without any traffic over
>> them after some time. Possibly the client could retry after some
>> interval. Maybe your protocol could contain a ping-function. This
>> would add some complexity, so for simplicity might be better to
>> avoid.
>
> If this really would be a problem for somebody, should not this simply
> be solved by setting SO_KEEPALIVE?

Possibly, although I'm not certain.

> Now, the system as it is today is restricted to the local network (no
> network configured in the initrd, so we use IPv6 link-local
> addresses), so this should never happen.

Ah, that changes the model somewhat. I guess it could be extended to
use DHCP and talk to a Mandos server somewhere else on the Internet
though.

/Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
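As an added example that is not part of the thread above and not Mandos code, this shows what "setting SO_KEEPALIVE" on the client side actually involves and the check a practitioner would want before relying on it: the kernel's default delay before the first probe (7200 s on Linux) is longer than most NAT idle timeouts, so the timers have to be tuned below the NAT timeout, and the option names differ between Linux and macOS. The function name, the timer values and the return format are assumptions made for illustration.

```python
import socket

# Assumed helper (not from the thread). Enables TCP keepalive on a new
# stream socket and tunes the probe timers where the platform exposes
# them. With SO_KEEPALIVE alone, Linux sends the first probe only after
# net.ipv4.tcp_keepalive_time (default 7200 s), which is far longer than
# a typical NAT idle timeout, so "idle" must be set below that timeout.
def new_keepalive_socket(idle=60, interval=15, count=4, family=socket.AF_INET6):
    """Return (sock, applied) where applied maps option names to the values
    read back from the kernel, or None when the platform has no such knob."""
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = {
        "SO_KEEPALIVE": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)
    }
    # Linux spells the idle timer TCP_KEEPIDLE; macOS calls it TCP_KEEPALIVE.
    idle_opt = getattr(socket, "TCP_KEEPIDLE", None)
    if idle_opt is None:
        idle_opt = getattr(socket, "TCP_KEEPALIVE", None)
    knobs = (
        ("TCP_KEEPIDLE", idle_opt, idle),                      # silence before 1st probe
        ("TCP_KEEPINTVL", getattr(socket, "TCP_KEEPINTVL", None), interval),  # gap between probes
        ("TCP_KEEPCNT", getattr(socket, "TCP_KEEPCNT", None), count),         # probes before giving up
    )
    for name, opt, value in knobs:
        if opt is None:
            applied[name] = None          # not tunable per-socket on this platform
            continue
        sock.setsockopt(socket.IPPROTO_TCP, opt, value)
        applied[name] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return sock, applied


def dead_peer_detection_time(idle, interval, count):
    """Worst-case seconds of silence before the kernel reports the peer
    gone: the idle period plus every unanswered probe interval."""
    return idle + interval * count


def keeps_nat_mapping(nat_idle_timeout, idle):
    """True when the first probe leaves before a NAT with the given idle
    timeout would discard the session's state table entry."""
    return idle < nat_idle_timeout


if __name__ == "__main__":
    s, applied = new_keepalive_socket()
    print(applied)
    print("dead peer after", dead_peer_detection_time(60, 15, 4), "s")
    s.close()
```

Only `SO_KEEPALIVE` itself is portable; on platforms where the three `TCP_KEEP*` knobs read back as None, the system-wide sysctl values apply and the NAT check above has to be done against those instead.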
