
Re: Question on TCP MSS with respect to IPSEC



I hope the result of this discussion winds up in an I-D somewhere...

	This becomes an interesting problem though when you are
	speaking to a host with one association and then form 
	another with different transforms.

	If I form another association with that host that requires AH
	with SHA and replay, then I want to shave off 32 bytes.
	Bookkeeping the fact that I've already shaved off 24 and only
	need to drop down an extra 8 is the interesting part.

Presumably, one needs to send both secured and unsecured traffic at
the same time (key management is one case where you'd want to do this..).

Wouldn't it be simpler to keep a "pre-security" MTU in the routing
table (or wherever), and a "post-security" MTU (and/or MTU delta) in
the security association data structures?

				- Bill
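
A sketch of the layout suggested in the message above, added here as an example (it is not code from the thread or from any IPsec implementation). All struct and function names are hypothetical, the 24 and 32 byte overheads are the figures quoted in the message, and the 1500-byte link MTU and 40 bytes of IPv4 + TCP headers are assumptions.

```c
#include <stdio.h>
#include <stddef.h>

#define IPV4_MIN_MTU 68u   /* smallest datagram every IPv4 hop must carry (RFC 791) */
#define IP_TCP_HDRS  40u   /* assumption: IPv4 + TCP headers, no options */

/* Hypothetical structures: the route keeps the pre-security MTU,
 * each security association keeps only its own MTU delta. */
struct route     { unsigned pre_sec_mtu; };
struct sec_assoc { const char *name; unsigned mtu_delta; };

/* Post-security MTU for traffic on sa; sa == NULL means unsecured
 * traffic (e.g. key management) sharing the same route. */
unsigned effective_mtu(const struct route *rt, const struct sec_assoc *sa)
{
    unsigned delta = sa ? sa->mtu_delta : 0;
    if (rt->pre_sec_mtu < IPV4_MIN_MTU + delta)
        return IPV4_MIN_MTU;            /* clamp instead of underflowing */
    return rt->pre_sec_mtu - delta;
}

unsigned tcp_mss(const struct route *rt, const struct sec_assoc *sa)
{
    return effective_mtu(rt, sa) - IP_TCP_HDRS;
}

/* Path MTU discovery lowers only the route value; every SA follows
 * automatically, so no "already shaved 24, need 8 more" bookkeeping. */
void route_pmtu_update(struct route *rt, unsigned new_mtu)
{
    if (new_mtu < IPV4_MIN_MTU) new_mtu = IPV4_MIN_MTU;
    if (new_mtu < rt->pre_sec_mtu) rt->pre_sec_mtu = new_mtu;
}

int main(void)
{
    struct route rt = { 1500 };                        /* assumed Ethernet MTU */
    struct sec_assoc first = { "first SA (24 bytes)", 24 };
    struct sec_assoc ah = { "AH with SHA and replay (32 bytes)", 32 };
    const struct sec_assoc *all[] = { NULL, &first, &ah };

    for (int pass = 0; pass < 2; pass++) {
        for (size_t i = 0; i < 3; i++)
            printf("route %u  %-34s MSS %u\n", rt.pre_sec_mtu,
                   all[i] ? all[i]->name : "unsecured", tcp_mss(&rt, all[i]));
        route_pmtu_update(&rt, 1400);                  /* constructed PMTU drop */
    }
    return 0;
}
```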

