[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CONSENSUS TEST: Fragmentation handling
In your previous mail you wrote:
> In your previous mail you wrote:
>
> 3. An implementation SHOULD support some form of stateful
> fragment checking for a tunnel mode SA with non-trivial port field
> values (not ANY or OPAQUE).
>
> => either the wording is bad or I disagree. What I understand (which
> can be something else the intented meaning) is that stateful fragment
> checking is RECOMMENDED and a simple implementation should not just
> support -1- and only -1-.
How do you view "RECOMMENDED" as being different from "SHOULD"?
=> I don't and this is the reason of my concern.
> PS: I'll strongly object to any thing stronger than a MAY for stateful
> or reassembly strategy on a SG, not only because it makes SGs very
> complex but because it is clearly against one of the purpose of IPsec:
> to provide confidentiality.
You lost me there. How does incoming fragment reassembly violate the
goal of confidentiality?
=> anything which tries to look at inside my packets violates my
confidentiality, and I don't like this at all from something which
is supposed to protect it. IMHO a router should not look at something
which is not in the IP header, or do you argue we should only use
IPsec end-to-end? (I am not against the idea but this is a bit drastic).
Regards
Francis.Dupont@enst-bretagne.fr