
Re: CONSENSUS TEST: Fragmentation handling



 In your previous mail you wrote:

   3. An implementation SHOULD support some form of stateful 
   fragment checking for a tunnel mode SA with non-trivial port field 
   values (not ANY or OPAQUE).

=> either the wording is bad or I disagree. What I understand (which
can be something else than the intended meaning) is that stateful fragment
checking is RECOMMENDED and a simple implementation should not just
support -1- and only -1-.

Regards

Francis.Dupont@enst-bretagne.fr

PS: I'll strongly object to anything stronger than a MAY for stateful
or reassembly strategy on a SG, not only because it makes SGs very
complex but because it is clearly against one of the purposes of IPsec:
to provide confidentiality.