[Swan] IKEv1 and a lost UDP packet

Paul Wouters paul at nohats.ca
Sun Oct 20 21:43:33 EEST 2013


On Sun, 20 Oct 2013, Kevin Wilson wrote:

> Now I get to the point which I try to understand, and I am not sure about
> it at all.
>
> I saw in many places on the web that they say that IKEv2 is more
> reliable than IKEv1;
>
> For example, in http://eprint.iacr.org/2006/097.pdf:
>
> "IKEv1 and IKEv2 both run over the unreliable UDP protocol, but IKEv2
> adds retransmission and acknowledgement functions, so it is more
> reliable than IKEv1."
>
> Is it true to say so?
>
> Is using the backoff algorithm as you described, with trying forever
> at 40, less reliable and less robust than waiting for an ACK in IKEv2?

Both are robust and keep trying. But in IKEv1 you could have both ends
racing each other. In IKEv2 the full responsibility of retransmitting
is put on the initiator.

Paul
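
The difference in who owns the retransmit timer, as an added example that is not part of the original message and not libreswan code: a simplified model of one request/reply exchange in which the network drops the first replies. The cap of 40 echoes the figure quoted above; the 0.5 first delay, zero network latency, the loss pattern and all names are assumptions.

```python
import heapq

def backoff(first, cap):
    """Yield retransmit delays: double each time, then stay at `cap` forever."""
    d = first
    while True:
        yield d
        d = min(d * 2, cap)

def simulate(responder_has_timer, lost_replies, first=0.5, cap=40.0):
    """Return (completion time, send counts) for one request/reply exchange.

    responder_has_timer=True  -> IKEv1-style model: each end runs its own timer.
    responder_has_timer=False -> IKEv2-style model: only the initiator has a timer;
                                 the responder replies only when a request arrives.
    lost_replies: constructed set of reply numbers (1-based) the network drops.
    Requests are always delivered in this model.
    """
    sent = {"init_sent": 0, "resp_timer": 0, "resp_on_request": 0}
    delays = {"init": backoff(first, cap), "resp": backoff(first, cap)}
    events = [(0.0, 0, "init")]           # (time, tie-break, whose timer fires)
    replies, resp_started = 0, False
    while events:
        now, _, who = heapq.heappop(events)
        if who == "init":
            sent["init_sent"] += 1        # initial send or timer retransmit
            heapq.heappush(events, (now + next(delays["init"]), 0, "init"))
            kind = "resp_on_request"      # responder answers the (duplicate) request
            if responder_has_timer and not resp_started:
                resp_started = True       # IKEv1-style: responder arms its own timer
                heapq.heappush(events, (now + next(delays["resp"]), 1, "resp"))
        else:
            kind = "resp_timer"           # unsolicited, timer-driven retransmit
            heapq.heappush(events, (now + next(delays["resp"]), 1, "resp"))
        sent[kind] += 1
        replies += 1
        if replies not in lost_replies:   # reply reaches the initiator: done
            return now, sent

LOST = {1, 2, 3}  # constructed loss pattern: the first three replies are dropped

if __name__ == "__main__":
    print("IKEv1-style:", simulate(True, LOST))
    print("IKEv2-style:", simulate(False, LOST))
```

In the IKEv1-style run both timers fire at the same instants, so the responder sends a reply nobody asked for; in the IKEv2-style run every responder packet is a reaction to a request from the initiator.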

