[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] big IKE packets

To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: Re: [Ipsec] big IKE packets
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 31 Aug 2004 19:59:52 -0400
Cc: ipsec@lists.tislabs.com, pki4ipsec@honor.icsalabs.com
In-reply-to: Message from Paul Hoffman / VPNC <paul.hoffman@vpnc.org> of "Tue,31 Aug 2004 16:23:27 PDT." <p06110474bd5ab88a26c3@[10.20.30.249]>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: IP Security <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <1093975729.2123.47.camel@suren><14803.1093977688@marajade.sandelman.ottawa.on.ca><16692.51923.636395.47486@gargle.gargle.HOWL><16035.1093979493@marajade.sandelman.ottawa.on.ca><16692.54339.116599.315927@gargle.gargle.HOWL><18117.1093983805@marajade.sandelman.ottawa.on.ca><p06110474bd5ab88a26c3@[10.20.30.249]>
Sender: ipsec-bounces@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "VPNC" == VPNC  <Paul> writes:
    VPNC> It would be a lot easier for those of us who think "let's not
    VPNC> re-invent TCP in IKEv2" to know what you are talking about if
    VPNC> we had an Internet Draft will your full proposal for the
    VPNC> fragment handling. Without that, we'll just keep saying "it's
    VPNC> too hard, and it's not important enough" and you'll keep
    VPNC> saying "it really isn't, and it is important".

  Remember, that I'm the guy who thinks that one of the reasons that 
certificates shouldn't be exchanged in-band is because of problems like
this :-)
  I do, however, hate PSK, and want it to go away, so if solving this
problem makes progress, then I'm willing to help.

  I twigged on this after reading parts of the last month of the
pki4ipsec list, and started to think about it in the shower or
something.

  I would be happy to write a document --- but others need to say, "yes,
solving the cert too-big-for-MTU is important".

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQTUQ9oqHRg3pndX9AQF4DwP/WsD+KsE3O+e+HXZ/kyQL6k1kBAHXfik0
iI5jK3/su22KOifPqcTxPjDLp/zYAyd299SNbL8jmKiRNE6jSlC0+Kohjt5DcqhV
gaGNHbihklX/7ve5YIhpyMo5h8BkN5lSFeEGY9JFxteCac3xlvtGz2/x8uPAZrJb
tY6AC9xCxLA=
=mJaA
-----END PGP SIGNATURE-----

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

References:
- [Ipsec] HASH and URL
  - From: suren <suren@intotoinc.com>
- [Ipsec] big IKE packets
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
- Re: [Ipsec] big IKE packets
  - From: Paul Koning <pkoning@equallogic.com>
- Re: [Ipsec] big IKE packets
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
- Re: [Ipsec] big IKE packets
  - From: Paul Koning <pkoning@equallogic.com>
- Re: [Ipsec] big IKE packets
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
- Re: [Ipsec] big IKE packets
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: [Ipsec] foto
Previous by thread: Re: [Ipsec] big IKE packets
Next by thread: Re: [Ipsec] big IKE packets
Index(es):
- Date
- Thread