[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] Two IKEv2 issues from the IESG

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: [Ipsec] Two IKEv2 issues from the IESG
From: Russ Housley <housley@vigilsec.com>
Date: Thu, 02 Sep 2004 12:36:35 -0400
Cc: ipsec@ietf.org, margaret@thingmagic.com, narten@us.ibm.com
In-reply-to: <29377.1094137368@marajade.sandelman.ottawa.on.ca>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: IP Security <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <6.1.1.1.2.20040902090413.05449ec0@mail.binhost.com><29377.1094137368@marajade.sandelman.ottawa.on.ca>
Sender: ipsec-bounces@ietf.org

Michael:

>     Russ> I suggest the addition of the following text:
>
>     Russ>     "All IKEv2 implementations MUST be able to receive and
>     Russ> process packets that are up to 1280 bytes long, and they
>     Russ> SHOULD be able to receive and process packets that are up to
>     Russ> 3000 bytes long."
>
>   (Sorry to be pedantic here, but I think it is important)
>
>   I think that the word "packet" is wrong here.
>
>   I think that you mean "datagram" -- seeing as a 3000 byte datagram would
>exceed common MTU, it must have been fragmented into multiple frames to
>have been received.
>
>   The above (corrected) statement also implies to me that an IKEv2 and
>host must be prepared to re-assemble at least 3000 bytes bytes worth of
>fragment.

I see your point.  If we take this approach, then we need to remove the IP 
header and UDP header sizes from the mandatory-to-support size.

Russ


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

Follow-Ups:
- Re: [Ipsec] Two IKEv2 issues from the IESG
  - From: Paul Koning <pkoning@equallogic.com>

References:
- [Ipsec] Two IKEv2 issues from the IESG
  - From: Russ Housley <housley@vigilsec.com>
- Re: [Ipsec] Two IKEv2 issues from the IESG
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: [Ipsec] Fwd: Re: Two IKEv2 issues from the IESG
Next by Date: Re: [Pki4ipsec] Re: [Ipsec] big IKE packets
Previous by thread: Re: [Ipsec] Two IKEv2 issues from the IESG
Next by thread: Re: [Ipsec] Two IKEv2 issues from the IESG
Index(es):
- Date
- Thread