Re: [Ipsec] Two IKEv2 issues from the IESG



>>>>> "Russ" == Russ Housley <housley@vigilsec.com> writes:
    Russ> I suggest the addition of the following text:

    Russ>     "All IKEv2 implementations MUST be able to receive and
    Russ> process packets that are up to 1280 bytes long, and they
    Russ> SHOULD be able to receive and process packets that are up to
    Russ> 3000 bytes long."

  (Sorry to be pedantic here, but I think it is important)

  I think that the word "packet" is wrong here.

  I think that you mean "datagram" -- seeing as a 3000 byte datagram would
exceed common MTU, it must have been fragmented into multiple frames to
have been received.

  The above (corrected) statement also implies to me that an IKEv2 and
host must be prepared to re-assemble at least 3000 bytes' worth of
fragments.
  
    Russ> I am not suggesting any protocol changes.  Therefore, the
    Russ> specification of elliptic curves in the future is still
    Russ> viable.  In fact, I would like to see that happen in the
    Russ> future.  However, the inclusion of elliptic curves in Appendix
    Russ> B at this time concerns me from a process perspective.  I will
    Russ> gladly entertain suggestions for a follow-on document in this
    Russ> area once the base IKEv2 document is finished.

  I think that the answer is that... "They were in IKEv1."

    Russ> I suggest the removal of the elliptic curve groups from
    Russ> Appendix B.

  I don't object.

--
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [