Re: CONSENSUS TEST: Fragmentation handling

["Theodore Ts'o" <tytso@mit.edu>]

On Tue, Apr 06, 2004 at 09:32:50PM +0200, Francis Dupont wrote:
>  In your previous mail you wrote:
> 
>    3. An implementation SHOULD support some form of stateful 
>    fragment checking for a tunnel mode SA with non-trivial port field 
>    values (not ANY or OPAQUE).
> 
> => either the wording is bad or I disagree. What I understand (which
> can be something else the intented meaning) is that stateful fragment
> checking is RECOMMENDED and a simple implementation should not just
> support -1- and only -1-.

How do you view "RECOMMENDED" as being different from "SHOULD"?

> PS: I'll strongly object to any thing stronger than a MAY for stateful
> or reassembly strategy on a SG, not only because it makes SGs very
> complex but because it is clearly against one of the purpose of IPsec:
> to provide confidentiality.

You lost me there.  How does incoming fragment reassembly violate the
goal of confidentiality?

					- Ted