IETF Logo Mail Archive

RE: Path MTU Discovery

Sanjay Anand <sanjayan@microsoft.com> Sat, 22 February 1997 03:01 UTC

Received: from cnri by ietf.org id aa26870; 21 Feb 97 22:01 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa00386; 21 Feb 97 22:01 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id VAA16293 for ipsec-outgoing; Fri, 21 Feb 1997 21:52:13 -0500 (EST)
Message-ID: <c=US%a=_%p=msft%l=RED-74-MSG-970222011832Z-4004@INET-05-IMC.microsoft.com>
From: Sanjay Anand <sanjayan@microsoft.com>
To: "'ipsec@tis.com'" <ipsec@tis.com>
Subject: RE: Path MTU Discovery
Date: Fri, 21 Feb 1997 17:18:32 -0800
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

>
>> Another point is that fragmentation checking should be done before any
>> IPsec handling takes place (easier and faster).
>
>WRONG FOR OUTBOUND PACKETS!!!  This is in clear violation of RFC 1825.  Lemme
>quote:
>
>>> 3.1 AUTHENTICATION HEADER
> 
><SNIP!>
>
>>>   Fragmentation occurs after the Authentication Header processing for
>>>   outbound packets and prior to Authentication Header processing for
>>>   inbound packets.  The receiver verifies the correctness of the
>
>There actually isn't text in the ESP section, but I'll bet small sums that
>either Ran A. or Steve K. will back me up on this one.
>
>If you meant inbound packets, my bad.
>
>on the inbound side, what does this mean: "fragmentation occurs prior to AH
>processing" 
>does this mean reassembly occurs prior to AH processing ?

v2.29.0 | Report a Bug | By Email | System Status