
Re: Issue #88: Lift the prohibition on red-side fragmentation by SG, BITS, BITW



Hi Ted,

How about if we put the text below in the outbound processing section 
at the end of section "5.1 Outbound IP Traffic Processing 
(protected-to-unprotected)" before the section "5.1.1  Handling an 
Outbound Packet That Must Be Dropped"?

>While reviewing draft-ietf-ipsec-rfc2401bis-01.txt, it appears that
>the text that was inserted for issue #88:
>
>      An SG, BITS, or BITW implementation MAY fragment packets before
>      applying IPsec.  The device SHOULD have a configuration setting
>      to disable this.  The resulting fragments are evaluated against
>      the SPD in the normal manner.  Thus, fragments not containing port
>      numbers may only match rules having port selectors of "opaque" or
>      "wildcard".
>
>was inserted in section 6.
>
>6. ICMP Processing [This section will be filled in when IPsec issue # 91
>    is resolved. The following text needs to be inserted somewhere,
>    possibly this section.]
>
>This was probably not the right place, since the fragmentation issue
>really isn't related to ICMP processing, strictly speaking.
>
>Comments?

Thanks for the feedback,
Karen
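
The SPD matching rule in the quoted issue #88 text, as an added example that is not part of this message or of the draft: fragments that carry no port numbers can match only rules whose port selector is "opaque" or "wildcard". The `Rule` layout, the sample policy, the addresses and the helper names are hypothetical and constructed for illustration, and the sketch assumes that a packet with a visible port does not match an "opaque" selector.

```python
import ipaddress
import struct
from collections import namedtuple

# Hypothetical SPD rule layout; dport is an int, "wildcard" or "opaque".
Rule = namedtuple("Rule", "name dst proto dport action")
SPD = [  # constructed sample policy, evaluated in order, first match wins
    Rule("web", ipaddress.ip_network("192.0.2.0/24"), 6, 443, "PROTECT"),
    Rule("frags", ipaddress.ip_network("192.0.2.0/24"), 6, "opaque", "PROTECT"),
    Rule("default", ipaddress.ip_network("0.0.0.0/0"), None, "wildcard", "DISCARD"),
]

def parse_ipv4(pkt):
    """Return (dst, proto, dport); dport is None when no port can be read."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    flags_off, = struct.unpack("!H", pkt[6:8])
    proto, dst = pkt[9], ipaddress.ip_address(pkt[16:20])
    dport = None
    # Ports are readable only in the first fragment, and only if it is long enough.
    if (flags_off & 0x1FFF) == 0 and proto in (6, 17) and len(pkt) >= ihl + 4:
        dport, = struct.unpack("!H", pkt[ihl + 2:ihl + 4])
    return dst, proto, dport

def port_matches(selector, dport):
    if selector == "wildcard":
        return True
    if dport is None:            # fragment not containing port numbers
        return selector == "opaque"
    return selector == dport     # assumption: a visible port never matches "opaque"

def spd_lookup(pkt, spd=SPD):
    dst, proto, dport = parse_ipv4(pkt)
    for r in spd:
        if dst in r.dst and r.proto in (None, proto) and port_matches(r.dport, dport):
            return r.name, r.action
    return None, "DISCARD"

def make_pkt(dst, proto, frag_off, payload):
    """Build a constructed IPv4 packet (checksum left zero; it is not checked here)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, frag_off,
                      64, proto, 0, ipaddress.ip_address("198.51.100.7").packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload
```

With the constructed policy, a non-initial fragment to 192.0.2.0/24 skips the port-443 rule and lands on the "opaque" rule; without that rule it falls through to the wildcard default.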