IETF-SSH archive


Re: Application data during key re-exchange



On 12 Mar 2002, Niels Möller wrote:
> Another possible interpretation is that the only messages that can be
> sent between KEXINIT and NEWKEYS are key-exchange messages and DEBUG,
> DISCONNECT and IGNORE. Then all channels on the connection will freeze
> completely during the entire key exchange process, which seems
> undesirable, in particular with slow connections and machines. For

This is my interpretation, and how our implementation works (seems
cleanest, doesn't it?). In our case it's also the most sensible thing to do
to disallow traffic from higher layers during key exchange, since we have a
multi-threaded implementation which would end up more complex and with
some extra unnecessary synchronization (i.e. checks for key exchange in
progress). Given that the key re-exchange comes once an hour (or after one
GB of data) it doesn't seem much of an issue IMHO.

Cheers,

/Mats
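The gating behaviour discussed in this thread, as an added example that is not part of the original message or of either poster's implementation: a sketch of the sending side of an SSH transport that follows the interpretation quoted above. Between sending KEXINIT and sending NEWKEYS, only key-exchange method messages (30-49), NEWKEYS itself, DEBUG, DISCONNECT and IGNORE go out; channel traffic from higher layers is held in a queue and flushed once NEWKEYS has been sent. A re-exchange is started when the hour or one-GB threshold from the message is reached. Message numbers are those of the SSH transport protocol (RFC 4253); the `RekeyGate` class, its `clock` parameter and the configurable thresholds are assumptions of this example, and byte accounting here covers the outgoing direction only.

```python
import time
from collections import deque

# SSH transport message numbers (RFC 4253, section 12).
SSH_MSG_DISCONNECT = 1
SSH_MSG_IGNORE = 2
SSH_MSG_DEBUG = 4
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
KEX_METHOD_MSGS = range(30, 50)   # key exchange method specific messages
SSH_MSG_CHANNEL_DATA = 94         # example of higher-layer traffic

# Thresholds mentioned in the message: once an hour or after one GB.
REKEY_BYTES = 1 << 30
REKEY_SECONDS = 3600


class RekeyGate:
    """Sending-side state machine (assumed for this example) that freezes
    higher-layer traffic between our KEXINIT and our NEWKEYS."""

    def __init__(self, clock=time.monotonic,
                 rekey_bytes=REKEY_BYTES, rekey_seconds=REKEY_SECONDS):
        self.clock = clock
        self.rekey_bytes = rekey_bytes
        self.rekey_seconds = rekey_seconds
        self.in_kex = False
        self.bytes_since_rekey = 0
        self.last_rekey = clock()
        self.pending = deque()   # higher-layer packets held during kex
        self.wire = []           # packets handed to the transport, in order

    def _allowed_during_kex(self, msg_type):
        # The set from the quoted interpretation: kex messages plus
        # DEBUG, DISCONNECT and IGNORE. Nothing else may be sent.
        return (msg_type in (SSH_MSG_DISCONNECT, SSH_MSG_IGNORE, SSH_MSG_DEBUG)
                or msg_type == SSH_MSG_NEWKEYS
                or msg_type in KEX_METHOD_MSGS)

    def rekey_due(self):
        if self.in_kex:
            return False
        return (self.bytes_since_rekey >= self.rekey_bytes
                or self.clock() - self.last_rekey >= self.rekey_seconds)

    def send(self, msg_type, payload=b""):
        """Return True if the packet went to the wire, False if it was
        queued because a key exchange is in progress."""
        if self.in_kex and not self._allowed_during_kex(msg_type):
            self.pending.append((msg_type, payload))
            return False
        if msg_type == SSH_MSG_KEXINIT:
            self.in_kex = True
        self._emit(msg_type, payload)
        if msg_type == SSH_MSG_NEWKEYS:
            self._finish_kex()
        elif self.rekey_due():
            self.start_rekey()
        return True

    def start_rekey(self):
        if not self.in_kex:
            # Payload stands in for a real KEXINIT body.
            self.send(SSH_MSG_KEXINIT, b"<kexinit>")

    def _emit(self, msg_type, payload):
        self.wire.append((msg_type, payload))
        self.bytes_since_rekey += 1 + len(payload)   # type byte + payload

    def _finish_kex(self):
        # New keys are in use: reset the counters and release the
        # higher-layer traffic that was frozen, in the original order.
        self.in_kex = False
        self.bytes_since_rekey = 0
        self.last_rekey = self.clock()
        while self.pending and not self.in_kex:
            msg_type, payload = self.pending.popleft()
            self.send(msg_type, payload)


if __name__ == "__main__":
    fake_now = [0.0]
    gate = RekeyGate(clock=lambda: fake_now[0], rekey_bytes=100)
    gate.send(SSH_MSG_CHANNEL_DATA, b"x" * 120)      # crosses the byte threshold
    print("kex in progress:", gate.in_kex)
    print("queued:", gate.send(SSH_MSG_CHANNEL_DATA, b"held"))
    gate.send(30, b"kexdh"); gate.send(SSH_MSG_NEWKEYS)
    print("wire:", [t for t, _ in gate.wire])
```

Note that RFC 4253 section 7.1 later pinned the permitted set down slightly differently: all transport-layer generic messages 1 to 19 except SERVICE_REQUEST and SERVICE_ACCEPT, the algorithm negotiation messages except a second KEXINIT, and the method-specific messages 30 to 49. The class above encodes the narrower set under discussion in the thread; widening `_allowed_during_kex` is a one-line change.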




Home | Main Index | Thread Index | Old Index