> I think I will go for the hack that misuses re-negotiation as a kind of
> heartbeat, keep alive or echo request. I tried to avoid this hack at
> first because it is a computational burden. AFAIK re-negotiation means
> restarting from scratch which means that expensive public key operations
> have to be performed.

To avoid expensive full handshakes, what about using sessions?

From what I read at http://tools.ietf.org/html/rfc4347#section-3, "To the
greatest extent possible, DTLS is identical to TLS."

And from what I read at http://tools.ietf.org/html/rfc5238 section 3.4:
"multiple DTLS connections can be resumed from the same DTLS session, each
running over its own DCCP connection."

So my assumption here is that DTLS supports abbreviated handshakes for session
resumptions.

OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org