[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ipsec] big IKE packets
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "VPNC" == VPNC <Paul> writes:
VPNC> It would be a lot easier for those of us who think "let's not
VPNC> re-invent TCP in IKEv2" to know what you are talking about if
VPNC> we had an Internet Draft will your full proposal for the
VPNC> fragment handling. Without that, we'll just keep saying "it's
VPNC> too hard, and it's not important enough" and you'll keep
VPNC> saying "it really isn't, and it is important".
Remember, that I'm the guy who thinks that one of the reasons that
certificates shouldn't be exchanged in-band is because of problems like
this :-)
I do, however, hate PSK, and want it to go away, so if solving this
problem makes progress, then I'm willing to help.
I twigged on this after reading parts of the last month of the
pki4ipsec list, and started to think about it in the shower or
something.
I would be happy to write a document --- but others need to say, "yes,
solving the cert too-big-for-MTU is important".
- --
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQTUQ9oqHRg3pndX9AQF4DwP/WsD+KsE3O+e+HXZ/kyQL6k1kBAHXfik0
iI5jK3/su22KOifPqcTxPjDLp/zYAyd299SNbL8jmKiRNE6jSlC0+Kohjt5DcqhV
gaGNHbihklX/7ve5YIhpyMo5h8BkN5lSFeEGY9JFxteCac3xlvtGz2/x8uPAZrJb
tY6AC9xCxLA=
=mJaA
-----END PGP SIGNATURE-----
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec