Hi Linda,

fenghongyan wrote:
> Hi, Gerhard
>
> Thanks for your comments, I read the proposals, I can see it's a good idea to
> solve the dtls/udp's flaw.
> "time-out" is a solution, but its disadvantage here is hard to decide an
> appropriate least round trip times,
> A short "time-out" will cost the dtls client large calculation expense.
> Providing a "heart-beat" solution
> the sender needn't renegotiate at each round trip time of "heart-beat",
> which may set
> a longer resume-session time and renegotiation time according to its
> strategy.
> I prefer a "heart-beat" solution to a "time-out" solution for this issue.
>
> The only thing left here for syslog-dtls is if we need specific using
> "heart-beat" in a syslog-dtls proposal?

The DTLS heartbeat extension is an individual draft which has been presented in the TLS WG session on Friday. Some reactions were that such an extension could be useful, not only for DTLS but also for TLS where detecting a timed out TCP connection may take a very long time. However, it's not clear if the TLS WG will support the draft. If not, you will have problems using it for syslog-dtls. It's the same for IPFIX.

> It's a problem of dtls/udp, which can be fixed in the implementation of dtls
> and as a part of dtls protocol.

I share this opinion. I think that DTLS for UDP would generally profit from such an extension. Without it, DTLS for UDP is of limited utility.

> Is there anything syslog-dtls needs to do to support it? What's your
> consideration?

Not sure. We have not tried the corresponding OpenSSL patch yet. Maybe the application (e.g. syslog) has to trigger the Heartbeat.

Regards,
Gerhard

> Thanks
> Linda

--
Dipl.-Ing. Gerhard Münz
Chair for Network Architectures and Services (I8)
Technische Universität München - Department of Informatics
Boltzmannstr. 3, 85748 Garching bei München, Germany
Phone: +49 89 289-18008 Fax: +49 89 289-18033
E-mail: [email protected] WWW: http://www.net.in.tum.de/~muenz
_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
