[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec and Fragmentation

To: Karen Heron <heron@us.ibm.com>
Subject: Re: IPsec and Fragmentation
From: Stephen Kent <kent@bbn.com>
Date: Wed, 8 Jul 1998 18:57:53 -0400
Cc: <ipsec@tis.com>
In-Reply-To: <5040300017945831000002L012*@MHS>
Sender: owner-ipsec@ex.tis.com

Karen,


>Thanks for the clarification. (However, I'm having trouble finding section
>3.2.5 in my copy of the architecture doc (draft-ietf-ipsec-arch-sec-05)).  But
>I believe that the statement in Appendix B, section B.2, "Fragmentation MUST
>be done after outbound IPsec processing." is incorrect.  In fact, for a tunnel
>mode SA on a host, fragmentation must be done before IPsec processing to make
>PMTU discovery work, correct?

The section I cited is from the most recent version of the spec,
arch-sec-06, distributed to the list last week (7/2).  However, B.2 still
makes the same  statement in this version!  I could point out that the
appendices are not normative, but I guess it would be better to just fix it
:-).

Steve

References:

Re: IPsec and Fragmentation

From: Karen Heron <heron@us.ibm.com>

Prev by Date: Re: Signature format and smart cards
Next by Date: RE: simultaneous lifetime type support required?
Prev by thread: Re: IPsec and Fragmentation
Next by thread: Re: IPsec and Fragmentation
Index(es):
- Main
- Thread