Re: [IPsec] IKE fragmentation

"Valery Smyslov" <svanru@gmail.com> Wed, 13 March 2013 14:51 UTC

From: Valery Smyslov <svanru@gmail.com>
To: Paul Wouters <paul@nohats.ca>
Date: Wed, 13 Mar 2013 18:52:00 +0400
Cc: ipsec@ietf.org, Tero Kivinen <kivinen@iki.fi>
Subject: Re: [IPsec] IKE fragmentation

>>> Our implementation also does not handle the first packet of an
>>> exchange to be fragmented, because we have no state to store the
>>> fragments for. In practice this does not matter because the first
>>> packet is never large enough to need fragmentation.
>>
>> We do the same.
>
> So does it make sense to say in the document that the first packet
> must not be fragmented?

If you mean draft-smyslov-ipsecme-ikev2-fragmentation, that limitation must
already be there. If it is not clear enough, I'll make it more explicit.

Or are you talking about the fictional IETF document (not yet written)
describing existing IKEv1 fragmentation? Probably it is better that
the authors of that solution document it.

Regards,
Valery.

> Paul