Hi Paul,

Regarding your second point, I would like to avoid feature creep in this document. So unless there's a real good reason to add text (e.g. a new security requirement) I would suggest not to do it. More specifically, since this is a matter of local policy and implementations differ, we could debate it forever and for little gain.

Thanks,
        Yaron

On 2013-10-17 17:13, Paul Wouters wrote:
On Thu, 17 Oct 2013, Tero Kivinen wrote:

I made a new version of the RFC5996bis (yes, I am more than a month too
late from my original time-estimate).

This version removes the Raw RSA public keys

Is that the old version that would be obsoleted by
draft-kivinen-ipsecme-oob-pubkey that no one implemented?

While updating the retransmit timers in libreswan, I found no useful
information in 5996. Is that something we could add? I know it is
local policy but perhaps it would be good to add some guidance for
implementors. Do people use sub-second retries? Exponential backoff?
How do people deal with slow wakeup stacks (e.g. 3G) and preventing of
firsts of duplicate first packets?

Paul
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec