
Re: CONSENSUS TEST: Fragmentation handling



At 6:09 PM +0200 4/7/04, Francis Dupont wrote:
>  In your previous mail you wrote:
>
>    Compliant IPsec implementations have always had to be able to use
>    port numbers in SPD entries, according to 2401. What we are saying
>    here is that IF the user/admin is using port numbers in an SPD entry,
>    AND if he needs to accommodate fragments, THEN support for approach
>    #3 is RECOMMENDED. But, if the IPsec implementation is not capable of
>    supporting reassembly or equivalent, stateful processing, then it
>    need not implement #3.
>   
>=> so the issue is a wording issue, and what you'd like to get is
>a SHOULD for one of the two variants (#2 & #3) for implementations
>which support more than #1, isn't this? The idea has to be clear
>in the final text, perhaps with an introduction statement to #2 and #3
>at the end of #1. BTW we should swap #2 and #3 too.

#1 is a MUST, so there is no ambiguity there, and, so far, no disagreement.

I want every implementation to support either #2 or #3, so that we 
have a good chance of having some way to accommodate fragments for 
port-specific SAs.
Maybe we should just say that every implementation MUST support 
either #2 or #3.

Steve