[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ipsec] big IKE packets

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: [Ipsec] big IKE packets
From: Tero Kivinen <kivinen@iki.fi>
Date: Wed, 1 Sep 2004 13:20:31 +0300
Cc: ipsec@lists.tislabs.com, pki4ipsec@honor.icsalabs.com
In-reply-to: <14803.1093977688@marajade.sandelman.ottawa.on.ca>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: IP Security <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <1093975729.2123.47.camel@suren><14803.1093977688@marajade.sandelman.ottawa.on.ca>
Sender: ipsec-bounces@ietf.org

Michael Richardson writes:
> I wonder if one solution to the problem of large IKE packets
> (that require fragmentation) wouldn't be to define a fragmentation
> header in IKE.

There is also such method, it is called IP. The IP packets already
offers fragmentation, why should we do it again on the IKE level?

If the operating system vendor who implemented IP stack didn't know
how to make the fragmentation, how can you expect him to be able to
make IKE fragmentation to the IPsec stack of the OS?

The only difference would be the separate acks for fragments, but I do
not think this fragmentation in IKE would really help, as it just adds
one more complicated option, and I think people would be leaving the
implementation of it out from their products.

The HTTP transfer of certificates is much better sulution for that.
-- 
kivinen@safenet-inc.com

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

Prev by Date: RE: [Ipsec] big IKE packets
Next by Date: Re: [Ipsec] big IKE packets
Previous by thread: RE: [Ipsec] big IKE packets
Next by thread: Re:[Ipsec] big IKE packets
Index(es):
- Date
- Thread