[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue #88: Lift the prohibition on red-side fragmentation by SG, BITS, BITW

To: kseo@bbn.com, ipsec@lists.tislabs.com
Subject: Issue #88: Lift the prohibition on red-side fragmentation by SG, BITS, BITW
From: "Theodore Ts'o" <tytso@mit.edu>
Date: Tue, 27 Jan 2004 16:43:48 -0500
Phone: (781) 391-3464
Sender: owner-ipsec@lists.tislabs.com

Hi Karen,

While reviewing draft-ietf-ipsec-rfc2401bis-01.txt, it appears that
the text that was inserted for issue #88:

     An SG, BITS, or BITW implementation MAY fragment packets before
     applying IPsec.  The device SHOULD have a configuration setting
     to disable this.  The resulting fragments are evaluated against
     the SPD in the normal manner.  Thus, fragments not containing port
     numbers may only match rules having port selectors of "opaque" or
     "wildcard".

was inserted in section 6.

6. ICMP Processing [This section will be filled in when IPsec issue # 91
   is resolved. The following text needs to be inserted somewhere,
   possibly this section.]

This was probably not the right place, since the fragmentation issue
really isn't related to ICMP processing, strictly speaking.

Comments?

							- Ted

Follow-Ups:
- Re: Issue #88: Lift the prohibition on red-side fragmentation bySG, BITS, BITW
  - From: Karen Seo <kseo@bbn.com>

Prev by Date: Re: SPD Syntax Example
Next by Date: Issue #83: Generation of ICMP responses for inbound packet requiring IPSEC protection
Previous by thread: next pass at SPD syntax
Next by thread: Re: Issue #88: Lift the prohibition on red-side fragmentation bySG, BITS, BITW
Index(es):
- Date
- Thread