[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CONSENSUS TEST: Fragmentation handling

To: vamsi <vamsi@intotoinc.com>
Subject: Re: CONSENSUS TEST: Fragmentation handling
From: Stephen Kent <kent@bbn.com>
Date: Wed, 7 Apr 2004 10:06:01 -0400
Cc: "Theodore Ts'o" <tytso@mit.edu>, Tero Kivinen <kivinen@iki.fi>, Mohan Parthasarathy <mohanp@sbcglobal.net>, ipsec@lists.tislabs.com
In-reply-to: <5.2.0.9.0.20040406154936.039aa6c8@10.1.5.10>
References: <p06020418bc932db12995@[128.89.89.75]><p06020400bc84e3428b9d@[128.89.89.75]><16480.15529.482315.278735@fireball.acr.fi><p06020405bc8617b47e2c@[128.89.89.75]><016c01c416c3$eb1d8270$861167c0@adithya><p06020400bc90995b65a1@[128.89.89.75]><16492.6896.588750.18184@fireball.acr.fi><p06020407bc91e352bb42@[128.89.89.75]><16493.10872.196792.111195@fireball.acr.fi><p06020418bc932db12995@[128.89.89.75]><5.2.0.9.0.20040406154936.039aa6c8@10.1.5.10>
Sender: owner-ipsec@lists.tislabs.com

Vamsi,

	<SNIP>

>It seems fine to me, but I have these comments.
>1. Case 3 can be made as 'MAY'.
>2. When case 2 is not employed and when communicating security gateways
>     don't agree on, as mentioned in case3, the sender implementations, in my
>     view, MUST not drop the packets and use mechanisms such as 'reassembly'.
>     So, it would be better to indicate this explicitly in the text.
>
>Vamsi

I have no idea what you mean in comment #2 above.

If an implementation does not support the fragments-only SA approach, 
and does not successfully negotiate an SA for which the peer agrees 
to accept fragments and perform some form of stateful checking, the 
the implementation cannot send fragments for the traffic 
corresponding to the SA in question. is that what you want added?

Steve

References:
- Re: 2nd try
  - From: Stephen Kent <kent@bbn.com>
- Re: 2nd try
  - From: Tero Kivinen <kivinen@iki.fi>
- Re: 2nd try
  - From: Stephen Kent <kent@bbn.com>
- Re: 2nd try
  - From: Tero Kivinen <kivinen@iki.fi>
- Re: CONSENSUS TEST: Fragmentation handling
  - From: vamsi <vamsi@intotoinc.com>

Prev by Date: Re: CONSENSUS TEST: Fragmentation handling
Next by Date: Re: SPD Policies - Backward compatibility
Previous by thread: Re: CONSENSUS TEST: Fragmentation handling
Next by thread: Re: 2nd try
Index(es):
- Date
- Thread