[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SOI QUESTION: 3.3 Size of messages

To: "'Jan Vilhuber'" <vilhuber@cisco.com>
Subject: RE: SOI QUESTION: 3.3 Size of messages
From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>
Date: 25 Jun 2002 23:33:15 -0400
Cc: "'list'" <ipsec@lists.tislabs.com>
Importance: Normal
In-Reply-To: <Pine.LNX.4.33.0206251929280.1819-100000@janpc-home.cisco.com>
Reply-To: andrew.krywaniuk@alcatel.com
Sender: owner-ipsec@lists.tislabs.com

> Some (note very good) thoughts:
>
> - Provide a URL for a certificate instead of the certificate (thus
>   removing the certificate from the actual packet, making it smaller).

Let us not forget that Paul already published a [IMHO very satisfactory]
draft on how to do this.

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.



> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Jan Vilhuber
> Sent: Tuesday, June 25, 2002 10:33 PM
> To: Theodore Ts'o
> Cc: ipsec@lists.tislabs.com
> Subject: Re: SOI QUESTION: 3.3 Size of messages
>
>
> William Dixon has pointed out the problems of large UDP packets in IKE
> (usually due to certificates) a few times.
>
> Although this isn't quite what the question below is about, I think we
> need to look at how we might handle large packets like this. I assume
> this would be an issue in either protocol (IKEv2 or JFK), so this
> would have to be a generalized debate.
>
> Some (note very good) thoughts:
>
> - Provide a URL for a certificate instead of the certificate (thus
>   removing the certificate from the actual packet, making it smaller).
>
> - Provide some SOI fragmentation mechanism, so we don't have to rely
>   on IP fragmentation. Yuck. I don't even want to think about this.
>
> jan
>
>
> On Fri, 21 Jun 2002, Theodore Ts'o wrote:
>
> >
> > Notes from the chair:
> >
> > >From reviewing the discussion in section 3.3 of the soi-features
> > document, it did not appear there were any material
> differences in the
> > message sizes between IKE or JFK.  If others disagree with this
> > assessment, please state why, and why you think this is
> important for a
> > particular scenario.
> >
> >
> > 3.3 Size of messages
> >
> > There is no significant difference in the size of messages
> in the two
> > protocols.
> >
> > Implications from the scenarios:
> >
> > [none]
> >
>
>  --
> Jan Vilhuber
> vilhuber@cisco.com
> Cisco Systems, San Jose
> (408) 527-0847
>
> http://www.eff.org/cafe
>

References:
- Re: SOI QUESTION: 3.3 Size of messages
  - From: Jan Vilhuber <vilhuber@cisco.com>

Prev by Date: RE: SOI QUESTION: 4.2 Creating multiple SAs for a single pair of entities
Next by Date: I-D ACTION:draft-ietf-ipsec-nat-t-ike-03.txt
Prev by thread: Re: SOI QUESTION: 3.3 Size of messages
Next by thread: new I-D
Index(es):
- Date
- Thread