
Re: CONSENSUS TEST: Fragmentation handling



 In your previous mail you wrote:

   >  In your previous mail you wrote:
   > 
   >    3. An implementation SHOULD support some form of stateful 
   >    fragment checking for a tunnel mode SA with non-trivial port field 
   >    values (not ANY or OPAQUE).
   > 
   > => either the wording is bad or I disagree. What I understand (which
   > can be something other than the intended meaning) is that stateful fragment
   > checking is RECOMMENDED and a simple implementation should not just
   > support -1- and only -1-.
   
   How do you view "RECOMMENDED" as being different from "SHOULD"?
   
=> I don't, and this is the reason for my concern.

   > PS: I'll strongly object to anything stronger than a MAY for stateful
   > or reassembly strategy on a SG, not only because it makes SGs very
   > complex but because it is clearly against one of the purposes of IPsec:
   > to provide confidentiality.
   
   You lost me there.  How does incoming fragment reassembly violate the
   goal of confidentiality?
   
=> anything which tries to look inside my packets violates my
confidentiality, and I don't like this at all from something which
is supposed to protect it. IMHO a router should not look at something
which is not in the IP header, or do you argue we should only use
IPsec end-to-end? (I am not against the idea but this is a bit drastic).

Regards

Francis.Dupont@enst-bretagne.fr