--------------------
Lakshminath Dondeti (2004-05-04):

I did not think of the 'sending of protected TCP ACKs to fake liveness' :-), but that prompts me to say that RR should require the client to decrypt the RR request message, and send a reply with information from within the request message. If the protocol were to send an empty informational message, wouldn't the client be able to "expect the time of the request" and send a valid "response?"

--------------------
Pasi Eronen (2004-05-05):

This is actually a very good point! It seems that in IKEv2 an empty informational exchange does not guarantee RR, since the client could generate the response without actually seeing the request...

Perhaps we could re-use the COOKIE Notify payload for this? That is, when the gateway receives a request to update the SAs, it could reply with a COOKIE payload and the client would re-send the request with the cookie? This way, RR could be also skipped if necessary (for instance when switching back to an address that was already tested recently).

This, of course, means that the address update request has to be sent from the new address (since the reply containing the cookie goes to the source address of the IKEv2 packet). This may also complicate "path failover" since it may be possible that a packet containing an address update request would be used for path testing...

Personally I think it would be also acceptable to do the RR check after changing the address. That is, the gateway updates the SAs immediately, but then sends a separate informational exchange containing some kind of cookie.

What do others think about this?

--------------------
Maureen Stillman (2005-01-05):

I agree with Pasi that the cookie approach is a good one to circumvent the problems associated with empty informational exchange messages. This approach is successfully used in other IETF protocols and I see no reason to invent a new mechanism.

Is anyone opposed to this proposal for handling #15?

--------------------
Jari Arkko (2005-03-04):

Yes, I think we can consider this issue closed. Pasi, can you mark it closed on the issue web? Thanks.

Note that we already have another open issue about the "when" part of RR, issue 6. That needs to be worked on.

--------------------
Issue closed with decision "Add "cookie" payload to informational exchange." on 2005-03-07.
--------------------
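
The difference between the empty informational exchange and the cookie approach discussed in this thread, as an added sketch that is not part of the original thread or of any IKEv2 implementation. It is a simplified model, not the IKEv2 wire format: `Gateway`, `protect` and `rr_check` are hypothetical names, HMAC-SHA256 stands in for IKE SA integrity protection, and message IDs are assumed to be sequential.

```python
import hashlib
import hmac
import secrets

def protect(sa_key, msg_id, payload):
    """Stand-in for IKE SA integrity protection (assumption: HMAC-SHA256)."""
    data = msg_id.to_bytes(4, "big") + payload
    return hmac.new(sa_key, data, hashlib.sha256).digest()

class Gateway:
    """Hypothetical gateway probing the address a client claims to be at."""
    def __init__(self, sa_key):
        self.sa_key = sa_key
        self.next_msg_id = 0   # modelled as sequential, hence predictable
        self.pending = {}      # msg_id -> payload the response must carry

    def send_probe(self, use_cookie):
        msg_id, self.next_msg_id = self.next_msg_id, self.next_msg_id + 1
        cookie = secrets.token_bytes(16) if use_cookie else b""
        self.pending[msg_id] = cookie
        return msg_id, cookie  # delivered only to the claimed address

    def accept_response(self, msg_id, payload, mac):
        expected = self.pending.get(msg_id)
        if expected is None:
            return False
        if not hmac.compare_digest(mac, protect(self.sa_key, msg_id, payload)):
            return False
        if not hmac.compare_digest(payload, expected):
            return False       # valid SA protection, but the cookie was not echoed
        del self.pending[msg_id]
        return True

def rr_check(use_cookie, client_sees_request):
    """Return True if the gateway concludes the claimed address is reachable."""
    sa_key = secrets.token_bytes(32)  # held by gateway and authenticated client
    gw = Gateway(sa_key)
    msg_id, cookie = gw.send_probe(use_cookie)
    if client_sees_request:
        reply_id, payload = msg_id, cookie   # echo what arrived at the address
    else:
        reply_id, payload = 0, b""           # predicted ID, nothing to echo
    return gw.accept_response(reply_id, payload, protect(sa_key, reply_id, payload))

if __name__ == "__main__":
    for use_cookie in (False, True):
        for sees in (True, False):
            print(f"cookie={use_cookie} sees_request={sees} ->",
                  rr_check(use_cookie, sees))
```

With an empty probe the gateway accepts a response from a client that never received the request; with a cookie it accepts only the client that actually saw the probe at the claimed address.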