Hi Tero,

> [WG chair hat off]
>
> Valery Smyslov writes:
> > TCP provides reliable transport, so there is no need for application to
> > deal with retransmissions. Moreover, performing retransmissions by IKE
> > in case of TCP on congested networks could further increase congestion
> > and degrade performance. For this reason IKE initiator SHOULD NOT
> > retransmit requests if they are sent over TCP. However, IKE responder
> > MUST correctly handle retransmitted request messages received over TCP,
> > but it SHOULD NOT resend response messages in this case.
>
> I think such text should have been added to the RFC8229.
>
> > I think not having such a recommendation in RFC8229 is an oversight.
> > I'm not sure though it's worth filling in errata... What the WG thinks?
>
> I am not sure if it would be enough to make errata, I would actually
> think it might be better to make RFC8229bis to fix this issue. The
> problem with errata is that there are lots of people who do not notice
> it...

I don't disagree with making RFC8229bis, however I'd rather not do it
right now, but instead wait some time to gain more experience with IKE
over TCP. My gut feeling is that changing TCP connections on a live IKE SA
will probably need more clarifications based on real life scenarios.

> So I think you should make errata of it, and we most likely should
> make new version of 8229 and add that text, but that is just my
> personal view of the issue.

So, I'll submit errata unless someone disagrees and has a better proposal.
I think the errata can then be marked as "Hold for document update".

Regards,
Valery.

> --
> [email protected]
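
The retransmission rule quoted in this message, sketched as responder and initiator logic. This is an added example, not part of the thread or of any IKE implementation. It assumes an IKEv2 window size of 1, reads "correctly handle" as "recognise the duplicate and do not reprocess it", and uses hypothetical class, function and action names; the trace is constructed.

```python
from dataclasses import dataclass, field
from enum import Enum

class Transport(Enum):
    UDP = "udp"
    TCP = "tcp"  # TCP encapsulation of IKE (RFC 8229)

class Action(Enum):
    PROCESS = "process request, send and cache response"
    RESEND_CACHED = "duplicate over UDP: resend cached response"
    DROP_SILENTLY = "duplicate over TCP: accept it, send nothing"
    REJECT = "message ID outside the window"

@dataclass
class Responder:
    """Responder state for one IKE SA (window size 1 is an assumption)."""
    next_msg_id: int = 0
    cached: dict = field(default_factory=dict)  # msg_id -> last response

    def on_request(self, msg_id: int, transport: Transport) -> Action:
        if msg_id == self.next_msg_id:
            # New request: process exactly once and remember the response.
            self.cached = {msg_id: b"response-%d" % msg_id}
            self.next_msg_id += 1
            return Action.PROCESS
        if msg_id in self.cached:
            # Retransmitted request: never reprocess it on either transport.
            # TCP already delivered the response reliably, so do not resend.
            if transport is Transport.TCP:
                return Action.DROP_SILENTLY
            return Action.RESEND_CACHED
        return Action.REJECT

def initiator_arms_retransmit_timer(transport: Transport) -> bool:
    """Initiator side: retransmission timer is only used over UDP."""
    return transport is Transport.UDP

def replay(trace):
    """Feed (msg_id, transport) pairs to a fresh responder."""
    responder = Responder()
    return [responder.on_request(m, t) for m, t in trace]

# Constructed trace: request 0 over TCP, a duplicate of it, then the SA
# continues over UDP with request 1, a duplicate, and a stray message ID.
SAMPLE_TRACE = [(0, Transport.TCP), (0, Transport.TCP),
                (1, Transport.UDP), (1, Transport.UDP), (5, Transport.TCP)]

if __name__ == "__main__":
    for (msg_id, transport), action in zip(SAMPLE_TRACE, replay(SAMPLE_TRACE)):
        print(msg_id, transport.value, "->", action.value)
```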
