[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CONSENSUS TEST: Fragmentation handling

To: Joe Touch <touch@ISI.EDU>
Subject: Re: CONSENSUS TEST: Fragmentation handling
From: Stephen Kent <kent@bbn.com>
Date: Fri, 9 Apr 2004 15:01:44 -0400
Cc: "Theodore Ts'o" <tytso@mit.edu>, Tero Kivinen <kivinen@iki.fi>, Mohan Parthasarathy <mohanp@sbcglobal.net>, ipsec@lists.tislabs.com
In-reply-to: <4076E2A9.30806@isi.edu>
References: <p06020400bc84e3428b9d@[128.89.89.75]><16480.15529.482315.278735@fireball.acr.fi><p06020405bc8617b47e2c@[128.89.89.75]><016c01c416c3$eb1d8270$861167c0@adithya><p06020400bc90995b65a1@[128.89.89.75]><16492.6896.588750.18184@fireball.acr.fi><p06020407bc91e352bb42@[128.89.89.75]><16493.10872.196792.111195@fireball.acr.fi><p06020418bc932db12995@[128.89.89.75]> <20040406162758.GA10072@thunk.org><p06020418bc98bf8164c1@[128.89.89.75]> <4076E2A9.30806@isi.edu>
Sender: owner-ipsec@lists.tislabs.com

At 10:51 AM -0700 4/9/04, Joe Touch wrote:
>Stephen Kent wrote:
>
>>Ted,
>>
>>>1. All implementations MUST support tunnel mode SAs that pass traffic
>>>without regard to port field values. If the SA will carry traffic for
>>>specified protocols, the two selector sets MUST be used to specify
>>>the port fields for the SA: ANY and OPAQUE. An SA defined in this
>>>fashion will carry all traffic for the indicated source/destination
>>>addresses and specified protocol(s). If the SA will carry traffic
>>>without regard to a specific protocol value (i.e., ANY is specified),
>>>then the port field values MUST be set to ANY as well.
>>
>>
>>Mark Duffy convinced me that we should interpret ANY to encompass 
>>OPAQUE, as I noted in a message last week. So this part should be 
>>reworded to say:
>>
>>  1. All implementations MUST support tunnel mode SAs that pass traffic
>>without regard to port field values. If the SA will carry traffic for
>>specified protocols, the selector set for the SA MUST specify the 
>>port fields values as ANY.  An SA defined in this fashion will 
>>carry all traffic for the indicated source/destination  addresses 
>>and specified protocol(s). If the SA will carry traffic without 
>>regard to a specific protocol value (i.e., ANY is specified for the 
>>protocol field), then the port field values MUST be set to ANY as 
>>well.
>>
>>
>>Steve
>
>
>In the last case, it might be worth noting that if the protocol 
>field is ANY, then the port field values are undefined anyway.
>
>(the reason is to preclude an implementation that interprets "ANY" 
>protocol with "ANY" port to include only protocols that have ports.)
>
>Joe

agreed.

Steve

References:
- Re: 2nd try
  - From: Tero Kivinen <kivinen@iki.fi>
- Re: 2nd try
  - From: Stephen Kent <kent@bbn.com>
- Re: 2nd try
  - From: Tero Kivinen <kivinen@iki.fi>
- Re: 2nd try
  - From: Stephen Kent <kent@bbn.com>
- CONSENSUS TEST: Fragmentation handling
  - From: "Theodore Ts'o" <tytso@mit.edu>
- Re: CONSENSUS TEST: Fragmentation handling
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: Question on Issue#74: Inbound SA lookup - multicast & unicast
Next by Date: Re: Question about Version Numbers
Previous by thread: Re: CONSENSUS TEST: Fragmentation handling
Next by thread: Re: CONSENSUS TEST: Fragmentation handling
Index(es):
- Date
- Thread