diff --git a/src/facilities.c b/src/facilities.c
index 8fdfaa3..120bfc0 100644
--- a/src/facilities.c
+++ b/src/facilities.c
@@ -69,7 +69,7 @@ static int transport_indication(facilities_t *facilities, void* responder, void*
         case TransportIndication_PR_packet:
             break;
         case TransportIndication_PR_data:
-            transport_data_indication(facilities, &ti->choice.data);
+            transport_data_indication(facilities, &ti->choice.data, security_socket);
             goto cleanup;
         default:
             syslog_debug("[facilities]<- unrecognized TI.choice received");
diff --git a/src/indications.c b/src/indications.c
index 5acdb0d..2fdaa5f 100644
--- a/src/indications.c
+++ b/src/indications.c
@@ -4,7 +4,7 @@
 #include <itss-security/SecurityRequest.h>
 #include <itss-security/SecurityReply.h>
 
-static void tcp_conn_reset(facilities_t* facilities, TCPConnRSTInfo_t* cri) {
+static void tcp_conn_reset(facilities_t* facilities, TCPConnRSTInfo_t* cri, void* security_socket) {
     if (cri->destinationAddress.size != 16) return;
 
     SecurityRequest_t* sreq = NULL;
@@ -20,10 +20,16 @@ static void tcp_conn_reset(facilities_t* facilities, TCPConnRSTInfo_t* cri) {
                 sreq->choice.tlsReset.connId = tolling->tls_conn_id;
 
                 uint8_t b_s[64];
-                asn_enc_rval_t enc = asn_encode_to_buffer(NULL, ATS_CANONICAL_OER, &asn_DEF_SecurityRequest, sreq, b_s, 64);
+                b_s[0] = 4;
+                asn_enc_rval_t enc = asn_encode_to_buffer(NULL, ATS_CANONICAL_OER, &asn_DEF_SecurityRequest, sreq, b_s+1, 63);
                 if (enc.encoded == -1) {
                     syslog_err("[facilities] SecurityRequest.tlsReset encoding failed");
                 }
+                
+                zmq_send(security_socket, b_s, enc.encoded+1, 0);
+                zmq_recv(security_socket, b_s, 64, 0);
+
+                // TODO handle SReply
             }
         }
     }
@@ -32,14 +38,14 @@ static void tcp_conn_reset(facilities_t* facilities, TCPConnRSTInfo_t* cri) {
     ASN_STRUCT_FREE(asn_DEF_SecurityRequest, sreq);
 }
 
-int transport_data_indication(facilities_t* facilities, TransportDataIndication_t* tdi) {
+int transport_data_indication(facilities_t* facilities, TransportDataIndication_t* tdi, void* security_socket) {
     int rv = 0;
 
     switch (tdi->present) {
         case TransportDataIndication_PR_tcp:
             switch (tdi->choice.tcp.present) {
                 case TCPDataIndication_PR_connInfoReset:
-                    tcp_conn_reset(facilities, &tdi->choice.tcp.choice.connInfoReset);
+                    tcp_conn_reset(facilities, &tdi->choice.tcp.choice.connInfoReset, security_socket);
                     break;
                 default:
                     rv = 1;
diff --git a/src/indications.h b/src/indications.h
index 6fdf954..42b8337 100644
--- a/src/indications.h
+++ b/src/indications.h
@@ -3,4 +3,4 @@
 #include "facilities.h"
 #include <itss-transport/TransportIndication.h>
 
-int transport_data_indication(facilities_t* facilities, TransportDataIndication_t* tpi);
+int transport_data_indication(facilities_t* facilities, TransportDataIndication_t* tpi, void* security_socket);