[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CONSENSUS TEST: Fragmentation handling

To: Stephen Kent <kent@bbn.com>
Subject: Re: CONSENSUS TEST: Fragmentation handling
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Wed, 07 Apr 2004 18:09:12 +0200
Cc: sommerfeld@east.sun.com, "Theodore Ts'o" <tytso@mit.edu>, Tero Kivinen <kivinen@iki.fi>, Mohan Parthasarathy <mohanp@sbcglobal.net>, ipsec@lists.tislabs.com
In-reply-to: Your message of Wed, 07 Apr 2004 10:29:08 EDT. <p06020408bc99bff88094@[128.89.89.75]>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

   Compliant IPsec implementations have always had to be able to use 
   port numbers in SPD entries, according to 2401. What we are saying 
   here is that IF the user/admin is using port numbers in an SPD entry, 
   AND if he needs to accommodate fragments, THEN support for approach 
   #3 is RECOMMENDED. But, if the IPsec implementation is not capable of 
   supporting reassembly or equivalent, stateful processing, then it 
   need not implement #3.
   
=> so the issue is a wording issue, and what you'd like to get is
a SHOULD for one of the two variants (#2 & #3) for implementations
which support more than #1, isn't this? The idea has to be clear
in the final text, perhaps with an introduction statement to #2 and #3
at the end of #1. BTW we should swap #2 and #3 too.

Thanks

Francis.Dupont@enst-bretagne.fr

Follow-Ups:
- Re: CONSENSUS TEST: Fragmentation handling
  - From: Stephen Kent <kent@bbn.com>

References:
- Re: CONSENSUS TEST: Fragmentation handling
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: IKEv2 security consideration over-statement
Next by Date: RE: CONSENSUS TEST: Fragmentation handling
Previous by thread: Re: CONSENSUS TEST: Fragmentation handling
Next by thread: Re: CONSENSUS TEST: Fragmentation handling
Index(es):
- Date
- Thread