Re: [Ipsec] big IKE packets

[Paul Koning <pkoning@equallogic.com>]

>>>>> "Michael" == Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:

 Michael> -----BEGIN PGP SIGNED MESSAGE----- I wonder if one solution
 Michael> to the problem of large IKE packets (that require
 Michael> fragmentation) wouldn't be to define a fragmentation header
 Michael> in IKE.

 Michael> I.e. an IKEv2 payload which contains a sequence number, into
 Michael> which fragments of another IKEv2 payload could be placed.

 Michael> The sender would be responsible for making sure that all
 Michael> fragments get sent (since each would be ACK'ed in some way
 Michael> by the receiver).

If we're not satisfied with how IP does fragmentation, wouldn't it be
more reasonable to use TCP -- which handles large packets the right
way?

I dislike inventing new protocols to address previously solved
problems. 

	paul


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec