Re: [Ipsec] Two IKEv2 issues from the IESG
>>>>> "Russ" == Russ Housley <housley@vigilsec.com> writes:
Russ> I suggest the addition of the following text:
Russ> "All IKEv2 implementations MUST be able to receive and
Russ> process packets that are up to 1280 bytes long, and they
Russ> SHOULD be able to receive and process packets that are up to
Russ> 3000 bytes long."
(Sorry to be pedantic here, but I think it is important)
I think that the word "packet" is wrong here.
I think that you mean "datagram" -- seeing as a 3000 byte datagram would
exceed common MTU, it must have been fragmented into multiple frames to
have been received.
The above (corrected) statement also implies to me that an IKEv2 and
host must be prepared to re-assemble at least 3000 bytes worth of
fragments.
Russ> I am not suggesting any protocol changes. Therefore, the
Russ> specification of elliptic curves in the future is still
Russ> viable. In fact, I would like to see that happen in the
Russ> future. However, the inclusion of elliptic curves in Appendix
Russ> B at this time concerns me from a process perspective. I will
Russ> gladly entertain suggestions for a follow-on document in this
Russ> area once the base IKEv2 document is finished.
I think that the answer is that... "They were in IKEv1."
Russ> I suggest the removal of the elliptic curve groups from
Russ> Appendix B.
I don't object.
--
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [