
Re: [Ipsec] STRAW POLL: Handling of fragments in RFC-2401bis (section7)




> QUESTION 1:  Select one of the following
> 
>    _X__ Both Methods #2 and Method #3 should be a MAY
> 
>    ____ One or both of Methods #2 and #3 should be a SHOULD or a MUST
> 
> 	   ___ Method #2 (non-initial fragments get sent to an OPAQUE
> 		SA) should be SHOULD or MUST
> 
> 	   ___ Method #3 (stateful fragment inspection) should be 
> 		SHOULD or MUST
> 
> 	   ___ Both Method #2 and #3 should be SHOULD or MUST

But, I would prefer

    Method #3 should be a MAY (Method #2 MUST NOT)

> QUESTION 2:  Should Method #2 (non-initial fragments) be: 

I consider Method #2 a "dirty hack". If your policy says that traffic
matching a selector must be protected by the specific security, then
it should apply to everything, including fragments (initial and
non-initial).

But, if people insist on having #2 as an option, I don't object if it
stays as "MAY".

> QUESTION 3:  Should Method #3 (stateful fragment inspection) be: 
> 	___ MUST
> 
> 	___ SHOULD
> 
> 	_X_ MAY


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec