Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-fragmentation-03.txt
Tero Kivinen <kivinen@iki.fi> Thu, 10 October 2013 12:59 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36A3411E8165 for <ipsec@ietfa.amsl.com>; Thu, 10 Oct 2013 05:59:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Os363DmFCLQW for <ipsec@ietfa.amsl.com>; Thu, 10 Oct 2013 05:59:54 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) by ietfa.amsl.com (Postfix) with ESMTP id 2D81A21E8103 for <ipsec@ietf.org>; Thu, 10 Oct 2013 05:59:31 -0700 (PDT)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.7/8.14.5) with ESMTP id r9ACxLxB007316 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 10 Oct 2013 15:59:21 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.7/8.12.11) id r9ACxKL2010598; Thu, 10 Oct 2013 15:59:20 +0300 (EEST)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <21078.42152.502994.298696@fireball.kivinen.iki.fi>
Date: Thu, 10 Oct 2013 15:59:20 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
In-Reply-To: <5256426B.4030707@gmail.com>
References: <20131004123552.12797.87073.idtracker@ietfa.amsl.com> <44D6A1836A274C98907D95D59E530FE6@buildpc> <524EC6D8.9040006@gmail.com> <8B0A76CCEF2F4C65A9101BBD717B5C0F@buildpc> <alpine.LFD.2.10.1310041144500.10965@bofh.nohats.ca> <E46CD124E88F442495758F38BC026897@chichi> <alpine.LFD.2.10.1310081048530.7675@bofh.nohats.ca> <1B20E03AB216428AA7F16B898AA49FFD@buildpc> <5256426B.4030707@gmail.com>
X-Mailer: VM 8.2.0b under 24.3.1 (x86_64--netbsd)
X-Edit-Time: 2 min
X-Total-Time: 1 min
Cc: ipsec@ietf.org, Valery Smyslov <svanru@gmail.com>, Paul Wouters <paul@cypherpunks.ca>
Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-fragmentation-03.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2013 12:59:56 -0000
Yaron Sheffer writes: > I'm even more worried that if we use small fragments, reliability will > deteriorate. Because we do not have per-packet acknowledgement, and so > if any fragment is dropped, the whole message must be resent. This is > probably a greater risk in mobile networks. The fix there is to use IP level fragmentation... And only switch to use small IKEv2 level fragmented packets if that does not work. This whole protocol is only needed on the broken networks, so it does not matter if it is very suboptimal, as we can always say that if you enable fragmentation support on your devices, things will work better. -- kivinen@iki.fi
- [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-frag… internet-drafts
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Valery Smyslov
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Yaron Sheffer
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Valery Smyslov
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Paul Wouters
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Valery Smyslov
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Paul Wouters
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Tero Kivinen
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Paul Wouters
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Tero Kivinen
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Valery Smyslov
- Re: [IPsec] I-D Action:draft-ietf-ipsecme-ikev2-f… Valery Smyslov
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Yaron Sheffer
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Valery Smyslov
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Valery Smyslov
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Tero Kivinen
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Paul Hoffman
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Valery Smyslov
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Mike Sullenberger (mls)
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Yoav Nir
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-… Mike Sullenberger (mls)
- Re: [IPsec] I-D Action:draft-ietf-ipsecme-ikev2-f… Valery Smyslov