Hi Tobias,

> Hi Valery,
>
> I agree that generally retransmits are not useful or needed with TCP
> encapsulation. But as I see it, retransmits might actually be required
> in some situations. If the client sends e.g. a CREATE_CHILD_SA request
> but the TCP connection is closed or gets unusable for some reason before
> the server's response is received, the client has to reestablish the TCP
> connection. And the only way to do this (with window size 1, so no DPD
> or MOBIKE update can be sent) is to send a retransmit of the already
> sent message (otherwise the server might not know which TCP connection

That's why I suggested SHOULD :-)

> to use to send the CREATE_CHILD_SA response - I guess ESP packets could
> be used for that too, if there are any and there is a way to get
> notified in userland). On the other hand, RFC 8229 explicitly says that
> a responder should not consider retransmitted messages when deciding
> which TCP connections should be used...so I guess there is no way to
> recover properly if the TCP connection is severed mid-exchange (e.g.
> because a NAT device is rebooted or the client device roams between
> networks).

Yes, there may be situations which are difficult to recover from...

Regards,
Valery.

> Regards,
> Tobias

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
