Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension
RFC 6520

Note: This ballot was opened for revision 04 and is now closed.

(Jari Arkko) (was Discuss) Yes

(David Harrington) Yes

(Sean Turner) Yes

(Ron Bonica) No Objection

(Stewart Bryant) No Objection

Comment (2011-11-03)
I agree with Adrian's concerns WRT guidance on message frequency and timeout.

(Gonzalo Camarillo) No Objection

(Ralph Droms) No Objection

(Wesley Eddy) No Objection

Comment (2011-11-02)
Stephen's DISCUSS seems very important to consider; though I'm no expert in this area, I support Stephen's DISCUSS.

(Adrian Farrel) (was Discuss) No Objection

Comment (2011-11-02)
Section 4

   When a HeartbeatRequest message is received, a corresponding
   HeartbeatResponse message MUST be sent carrying an exact copy of the
   payload of the HeartbeatRequest.

I know what you mean, but several places in the text contradict this by
giving cases when a response is not to be sent.

I wonder why section 5.2 doesn't discuss the question of whether it is
necessary to have both ends transmitting heartbeats, or good enough for
just one to do it.

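The Section 4 rule quoted above (echo an exact copy of the payload) applies only to a well-formed request; the same section of RFC 6520 also requires that a HeartbeatMessage whose payload_length exceeds the bytes actually received, or that carries fewer than 16 bytes of padding, be discarded silently, and caps the total message at 2^14 bytes. The following Python is an added illustration, not code from the draft or from any of the reviewers, of a parser and responder that apply those checks; the function names and the constructed test bytes are my own.

```python
import os
import struct
from typing import Optional, Tuple

HEARTBEAT_REQUEST = 1    # HeartbeatMessageType values from RFC 6520 section 3
HEARTBEAT_RESPONSE = 2
HEADER_LEN = 3           # type (1 byte) + payload_length (2 bytes)
MIN_PADDING = 16         # padding_length MUST be at least 16 (section 4)
MAX_MESSAGE = 1 << 14    # total length MUST NOT exceed 2^14 (section 4)


def parse_heartbeat(record: bytes) -> Optional[Tuple[int, bytes]]:
    """Parse one HeartbeatMessage body (the TLS/DTLS record payload).

    Returns (type, payload), or None when the message must be silently
    discarded: unknown type, payload_length larger than the bytes actually
    received, too little padding, or an over-long message.
    """
    if len(record) < HEADER_LEN + MIN_PADDING or len(record) > MAX_MESSAGE:
        return None
    msg_type = record[0]
    (payload_length,) = struct.unpack("!H", record[1:3])
    if msg_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        return None
    # The declared payload_length is peer-controlled; bound it by the
    # received length and the mandatory 16 bytes of padding.
    if HEADER_LEN + payload_length + MIN_PADDING > len(record):
        return None
    return msg_type, record[HEADER_LEN:HEADER_LEN + payload_length]


def build_heartbeat(msg_type: int, payload: bytes,
                    padding_length: int = MIN_PADDING) -> bytes:
    """Serialise a HeartbeatMessage with random padding."""
    if padding_length < MIN_PADDING:
        raise ValueError("padding_length must be at least 16")
    if HEADER_LEN + len(payload) + padding_length > MAX_MESSAGE:
        raise ValueError("HeartbeatMessage too long")
    return (bytes([msg_type]) + struct.pack("!H", len(payload))
            + payload + os.urandom(padding_length))


def respond(record: bytes) -> Optional[bytes]:
    """Responder side of section 4: answer a valid HeartbeatRequest with a
    HeartbeatResponse carrying an exact copy of its payload; send nothing
    for anything else (malformed message or an incoming response)."""
    parsed = parse_heartbeat(record)
    if parsed is None or parsed[0] != HEARTBEAT_REQUEST:
        return None
    return build_heartbeat(HEARTBEAT_RESPONSE, parsed[1])
```
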
(Stephen Farrell) (was Discuss) No Objection

(Russ Housley) No Objection

(Pete Resnick) No Objection

Comment (2011-10-31)
Section 3 says, "If no corresponding HeartbeatResponse message has been received after some amount of time, the DTLS/TLS connection MAY be terminated by the user." Who is "the user" in this case? The reason I ask is that I'm afraid this sentence is going to cause some not-so-bright implementers to need instructions like we had to provide in draft-ietf-tcpm-persist, taking it to mean that only an end-user can terminate a DTLS/TLS connection. Do you mean "the application that initiated the HeartbeatRequest can terminate the connection"? Or that "the DTLS/TLS layer can terminate the connection"? A little more clarity here would minimize future stupidity.

(Dan Romascanu) No Objection

(Peter Saint-Andre) No Objection

(Robert Sparks) No Objection