[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI QUESTION: 3.3 Size of messages
William Dixon has pointed out the problems of large UDP packets in IKE
(usually due to certificates) a few times.
Although this isn't quite what the question below is about, I think we
need to look at how we might handle large packets like this. I assume
this would be an issue in either protocol (IKEv2 or JFK), so this
would have to be a generalized debate.
Some (note very good) thoughts:
- Provide a URL for a certificate instead of the certificate (thus
removing the certificate from the actual packet, making it smaller).
- Provide some SOI fragmentation mechanism, so we don't have to rely
on IP fragmentation. Yuck. I don't even want to think about this.
jan
On Fri, 21 Jun 2002, Theodore Ts'o wrote:
>
> Notes from the chair:
>
> >From reviewing the discussion in section 3.3 of the soi-features
> document, it did not appear there were any material differences in the
> message sizes between IKE or JFK. If others disagree with this
> assessment, please state why, and why you think this is important for a
> particular scenario.
>
>
> 3.3 Size of messages
>
> There is no significant difference in the size of messages in the two
> protocols.
>
> Implications from the scenarios:
>
> [none]
>
--
Jan Vilhuber vilhuber@cisco.com
Cisco Systems, San Jose (408) 527-0847
http://www.eff.org/cafe