Re: [Ipsec] STRAW POLL: Handling of fragments in RFC-2401bis (section7)
Theodore Ts'o wrote:
> QUESTION 1: Select one of the following
>
> ____ Both Methods #2 and Method #3 should be a MAY
>
> ____ One or both of Methods #2 and #3 should be a SHOULD or a MUST
>
> ___ Method #2 (non-initial fragments get sent to an OPAQUE
> SA) should be SHOULD or MUST
>
> ___ Method #3 (stateful fragment inspection) should be
> SHOULD or MUST
>
> ___ Both Method #2 and #3 should be SHOULD or MUST
>

For implementations supporting port/protocol SA differentials, Method #3
should be a SHOULD or MUST.

> QUESTION 2: Should Method #2 (non-initial fragments) be:
>
> (you may pick more than one)
>
> ___ MUST
>
> ___ SHOULD
>
> ___ MAY
>
>

NONE of the above - why even mention this? I doubt there are many 100%
compliant implementations for the first round of ipsec, and find it
highly unlikely that this will change. Implementations that don't care
about fragment security probably don't care about port/protocol
differentiation. The two seem incompatible and unlikely. I can't believe
we've wasted so much time/energy on this.

> QUESTION 3: Should Method #3 (stateful fragment inspection) be:
>
> (you may pick more than one)
>
> ___ MUST
>
> ___ SHOULD
>
> ___ MAY
>
SHOULD.
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec