[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CONSENSUS TEST: Fragmentation handling
In your previous mail you wrote:
Compliant IPsec implementations have always had to be able to use
port numbers in SPD entries, according to 2401. What we are saying
here is that IF the user/admin is using port numbers in an SPD entry,
AND if he needs to accommodate fragments, THEN support for approach
#3 is RECOMMENDED. But, if the IPsec implementation is not capable of
supporting reassembly or equivalent, stateful processing, then it
need not implement #3.
=> so the issue is a wording issue, and what you'd like to get is
a SHOULD for one of the two variants (#2 & #3) for implementations
which support more than #1, isn't this? The idea has to be clear
in the final text, perhaps with an introduction statement to #2 and #3
at the end of #1. BTW we should swap #2 and #3 too.
Thanks
Francis.Dupont@enst-bretagne.fr