Re: CONSENSUS TEST: Fragmentation handling
At 6:09 PM +0200 4/7/04, Francis Dupont wrote:
> In your previous mail you wrote:
>
> Compliant IPsec implementations have always had to be able to use
> port numbers in SPD entries, according to 2401. What we are saying
> here is that IF the user/admin is using port numbers in an SPD entry,
> AND if he needs to accommodate fragments, THEN support for approach
> #3 is RECOMMENDED. But, if the IPsec implementation is not capable of
> supporting reassembly or equivalent, stateful processing, then it
> need not implement #3.
>
>=> so the issue is a wording issue, and what you'd like to get is
>a SHOULD for one of the two variants (#2 & #3) for implementations
>which support more than #1, isn't this? The idea has to be clear
>in the final text, perhaps with an introduction statement to #2 and #3
>at the end of #1. BTW we should swap #2 and #3 too.
#1 is a MUST, so there is no ambiguity there, and, so far no disagreement.
I want every implementation to support either #2 or #3, so that we
have a good chance of having some way to accommodate fragments for
port-specific SAs.
Maybe we should just say that every implementation MUST support
either #2 or #3.
Steve