[IPsec] IKE fragmentation

Tero Kivinen <kivinen@iki.fi> Tue, 12 March 2013 19:49 UTC

Actually I verified the fragmentation support from Finland, and they
said it was requested, but it is not in any product yet, and as Paul
Wouters already commented to the list that the problem with some
implementations sending fragmentation regardless of whether it was
negotiated or not has already been fixed, the requirement to implement
this quickly has gone...

Anyways, if there are already more implementations doing IKE
fragmentation, it might be a good idea to think whether we should
standardize that. On the other hand I am not sure if they are well
enough documented so that different implementations actually talk to
each other...

Anyways we should most likely act fast if we want to get this fixed
for IKEv2.
-- 
kivinen@iki.fi