
Re: CONSENSUS TEST: Fragmentation handling



At 12:27 PM 4/6/2004 -0400, Theodore Ts'o wrote:
>OK, do we have consensus on the following text?  (Taken from
>Steve's message of March 22nd, with #2 changed to MAY and #3 changed
>to SHOULD).
>
>Please respond by Friday....

Hi Ted,

I had raised several points on this that I believe Steve agreed to and no 
one else commented on:

a) For modes #1 and #2, the document should mention that the same behavior 
must apply for drop and bypass rules.  (I think Steve wanted to put it in 
another section.)

b) For mode #3 the text should be extended to state that if the #3 behavior 
has been negotiated, the receiver MUST NOT accept non-initial fragments 
without verifying that they comply with the security policy called for for 
the overall packet.

c) Port selector ANY should include OPAQUE as well as all specific 
values.  I.e. an opaque port number in a packet should match a policy that 
has the value ANY.


Beyond that, I would much rather make both #2 and #3 be MAY and 
MAY.  (Rather than MAY and SHOULD.)

--Mark
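
Point (c) above, sketched as an added example that is not part of the message or of the draft under discussion: a port-selector matcher in which ANY matches both specific port values and OPAQUE. The tuple-based range encoding, the `Rule` type, the first-match lookup and the sample rules are all assumptions made for illustration, as is the behavior that a specific port selector does not match an OPAQUE packet port.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple, Union

ANY = "ANY"        # wildcard selector value
OPAQUE = "OPAQUE"  # port field not available, e.g. in a non-initial fragment

PortSelector = Union[str, Tuple[int, int]]  # ANY, OPAQUE, or inclusive (low, high)
PacketPort = Union[str, int]                # an int, or OPAQUE when it cannot be read


def port_matches(selector: PortSelector, packet_port: PacketPort) -> bool:
    """Return True if a packet's port satisfies a policy port selector."""
    if selector == ANY:
        # Point (c): ANY includes OPAQUE as well as all specific values.
        return True
    if selector == OPAQUE:
        return packet_port == OPAQUE
    if packet_port == OPAQUE:
        # Assumption: a specific selector cannot be satisfied by a missing port.
        return False
    low, high = selector
    return low <= packet_port <= high


@dataclass(frozen=True)
class Rule:  # hypothetical policy entry, ports only
    name: str
    action: str  # "protect", "bypass" or "drop"
    src_port: PortSelector
    dst_port: PortSelector


def lookup(rules: Sequence[Rule], src: PacketPort, dst: PacketPort) -> Optional[Rule]:
    """First-match lookup over an ordered rule list (assumed ordering semantics)."""
    for rule in rules:
        if port_matches(rule.src_port, src) and port_matches(rule.dst_port, dst):
            return rule
    return None


# Constructed sample policy, not taken from the thread.
SAMPLE_RULES = [
    Rule("web-protect", "protect", ANY, (443, 443)),
    Rule("opaque-only", "drop", OPAQUE, OPAQUE),
    Rule("catch-all", "bypass", ANY, ANY),
]
```

With the `opaque-only` rule removed, a packet whose ports are OPAQUE falls through to `catch-all`, which is the practical consequence of ANY including OPAQUE.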