>>>>> On Wed, 3 Feb 2010 16:37:38 -0500, "David Harrington"
>>>>> <[email protected]> said:
[cut to just the ISMS document's wording:]

DH> DTLS Transport Model server implementations MUST support DTLS
DH> cookies.

DH> Implementations are not required to perform the stateless cookie
DH> exchange for every DTLS handshake, but in environments where an
DH> overload on server side resources is detectable by the
DH> implementation it is RECOMMENDED that the cookie exchange is
DH> utilized by the implementation.

[And your comments:]

DH> My impression is that syslog allows an admin to enable this as a
DH> deployment option; tlstm seems to depend on the implementation. (and I
DH> have difficulty knowing how an implementation will know if overload on
DH> server side is detectable, unless it is doing the detection itself.)

Actually, we require it to be implemented but we're rather flexible on how it's actually used. Intentionally. I decided that there wouldn't be problems if different implementations did different things. Some implementations could have it configurable; others could do automatic detection, etc. So we certainly support the same case that syslog is doing, but we also allow implementations more flexibility. I don't believe this impacts interoperability of our base protocol.

DH> 1) Is enable/disable capability a MUST implement for DTLS cookie
DH> exchange?

Not currently.

DH> 2) Should tlstm recognize whether it is enabled/disabled?

That's diving into protocol layers we said we wouldn't dive into. Specifically, I was requested not to mention DTLS specific protocol message types in the document (like the syslog/DTLS document does).

DH> 3) Would it be better to RECOMMEND or REQUIRE the cookie exchange in
DH> syslog when the implementation can detect an overload on server
DH> resources?

Then that would prohibit an implementation from doing a runtime on/off/maybe setting. So personally, no, I don't see the need. But I also don't feel strongly about it.
-- 
Wes Hardaker
Cobham Analytic Solutions
_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
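
Added example, not part of the original message and not code from any implementation discussed in the thread: a sketch of the "on/off/maybe" choice, where the cookie exchange is always implemented but a policy decides per handshake whether to use it. The cookie follows the HMAC(secret, client address, ClientHello parameters) construction suggested in RFC 4347 section 4.2.1; `CookiePolicy`, `half_open_limit` and the use of a half-open handshake count as the overload signal are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)  # server-local secret; a real server rotates it


def make_cookie(client_addr, hello_params, secret=SECRET):
    """Stateless cookie: HMAC over the client's address and its
    ClientHello parameters, so the server stores nothing per client."""
    ip, port = client_addr
    msg = ip.encode() + b"|" + str(port).encode() + b"|" + hello_params
    return hmac.new(secret, msg, hashlib.sha256).digest()


class CookiePolicy:
    """Hypothetical policy knob: 'always' / 'never' are the admin switch,
    'auto' turns the exchange on once the server looks overloaded."""

    def __init__(self, mode="auto", half_open_limit=100):
        if mode not in ("always", "never", "auto"):
            raise ValueError(mode)
        self.mode = mode
        self.half_open_limit = half_open_limit  # assumed overload signal

    def cookie_required(self, half_open):
        if self.mode == "auto":
            return half_open >= self.half_open_limit
        return self.mode == "always"


def handle_client_hello(policy, half_open, client_addr, hello_params, cookie=b""):
    """Return ("proceed", None) when handshake state may be allocated, or
    ("verify", cookie) when the client must first echo the cookie back."""
    if not policy.cookie_required(half_open):
        return ("proceed", None)
    expected = make_cookie(client_addr, hello_params)
    # Constant-time comparison; a cookie minted for another address fails.
    if cookie and hmac.compare_digest(cookie, expected):
        return ("proceed", None)
    return ("verify", expected)
```

Either policy interoperates with any client, because a client that receives a cookie simply repeats its ClientHello with the cookie attached; the policy only changes when the server spends an extra round trip to confirm the source address before allocating state.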
