Re: CERT_REQ_PAYLOAD usage
Francis Dupont <Francis.Dupont@enst-bretagne.fr> Wed, 27 September 2000 11:05 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id EAA19786; Wed, 27 Sep 2000 04:05:06 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id FAA18954 Wed, 27 Sep 2000 05:39:40 -0400 (EDT)
Message-Id: <200009270949.LAA62994@givry.rennes.enst-bretagne.fr>
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
To: William Dixon <wdixon@Exchange.Microsoft.com>
cc: Tero Kivinen <kivinen@ssh.fi>, Brian Swander <briansw@Exchange.Microsoft.com>, kaijun gu <kaijun_gu@rapidstream.com>, Scott Fanning <sfanning@cisco.com>, IPsec List <ipsec@lists.tislabs.com>
Subject: Re: CERT_REQ_PAYLOAD usage
In-reply-to: Your message of Tue, 26 Sep 2000 22:55:22 PDT. <6A05D00595BE644E9F435BE5947423F2FFC60C@fifi.platinum.corp.microsoft.com>
Date: Wed, 27 Sep 2000 11:49:52 +0200
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
In your previous mail you wrote: In almost all IKE implementations there is no path MTU discovery, and no way to reduce the size of the UDP payload because you can't interoperable send payloads in different exchanges. => with IPv6 IKE *should* use the IPV6_USE_MIN_MTU socket option (IPv6 is a bit different: - there is no "en route" fragmentation, ie. fragmentation is end-to-end - path MTU discovery is mandatory (but doesn't work well with IKE) - there is some user control on path MTU (including this socket option) - minimal MTU is 1280 bytes (ie. far more than IPv4 68 bytes)) Regards Francis.Dupont@enst-bretagne.fr PS: I've sent this message in order to have this point in the archives. PPS: from draft-ietf-ipngwg-rfc2292bis-01.txt: 11.1. Sending with the Minimum MTU Some applications might not want to incur the overhead of path MTU discovery, especially if the applications only send a single datagram to a destination. A potential example is a DNS server. This specification defines a mechanism to avoid fragmentation by sending at the minimum IPv6 MTU (1280 bytes). This can be enabled using the IPV6_USE_MIN_MTU socket option. int on = 1; setsockopt(fd, IPPROTO_IPV6, IPV6_USE_MIN_MTU, &on, sizeof(on)); By default, this socket option is disabled. Setting the value to 0 also disables the option. This option can also be sent as ancillary data.
- CERT_REQ_PAYLOAD usage Scott Fanning
- RE: CERT_REQ_PAYLOAD usage kaijun gu
- CERT_REQ_PAYLOAD usage Tero Kivinen
- RE: CERT_REQ_PAYLOAD usage William Dixon
- RE: CERT_REQ_PAYLOAD usage William Dixon
- RE: CERT_REQ_PAYLOAD usage Jan Vilhuber
- RE: CERT_REQ_PAYLOAD usage Brian Swander
- RE: CERT_REQ_PAYLOAD usage William Dixon
- RE: CERT_REQ_PAYLOAD usage Tero Kivinen
- RE: CERT_REQ_PAYLOAD usage Tero Kivinen
- RE: CERT_REQ_PAYLOAD usage William Dixon
- RE: CERT_REQ_PAYLOAD usage William Dixon
- Re: CERT_REQ_PAYLOAD usage Francis Dupont