Theodore Ts'o wrote: > QUESTION 1: Select one of the following > > ____ Both Methods #2 and Method #3 should be a MAY > > ____ One or both of Methods #2 and #3 should be a SHOULD or a MUST > > ___ Method #2 (non-initial fragments get sent to an OPAQUE > SA) should be be SHOULD or MUST > > ___ Method #3 (stateful fragment inspection) should be > SHOULD or MUST) > > ___ Both Method #2 and #3 should be SHOULD or MUST It makes sense to mix non-initial fragments where the initial frags are mixed (Method #1). It makes no security sense to mix some non-initial traffic where the initial fragments are not so mixed. I would consider Method 2 a MUST NOT in that regard. If I have to vote for one of the above, then: __X__ Both Methods #2 and Method #3 should be a MAY > QUESTION 2: Should Method #2 (non-initial fragments) be: > > (you may pick more than one) > > ___ MUST > > ___ SHOULD > > ___ MAY Again, I would go MUST NOT. At best, if I have to pick from above, __X__ MAY > QUESTION 3: Should Method #3 (stateful fragment inspection) be: > > (you may pick more than one) > > ___ MUST > > ___ SHOULD > > ___ MAY _X_ MAY
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ipsec mailing list Ipsec@ietf.org https://www1.ietf.org/mailman/listinfo/ipsec