Yaron Sheffer writes:
> Going back to the original issue: there is no interoperable way to
> send "generic dummy packets".

True, and that is ok. This dummy packet does NOT require any processing from the other end except that some ESP packet needs to be sent, so other end knows that initiator has installed the SA keying material, and can start sending its own data to the SA. It does not matter whether two peers agree on what kind of dummy packet is sent, or whether the other end understands anything about the dummy packet.

The dummy packet could be completely random garbage packet too, which then gets ESP encapsulated, and then other end will decrypt it and throw it away as it is random. It would be good if the packet would fit in the traffic selectors, as otherwise the other end might send unneeded INVALID_SELECTORS notification back...

> So it's OK if we mention dummy ESP packets, but anything else would
> be implementation specific. Even pings.

Yes, this is implementation specific, and that's why I think it is better to just talk about "dummy message" as the original text said.
--
kivi...@iki.fi