Re: [Ipsec] big IKE packets

Michael Richardson <mcr@sandelman.ottawa.on.ca> Wed, 01 September 2004 00:22 UTC

To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: Re: [Ipsec] big IKE packets
In-Reply-To: Message from Paul Hoffman / VPNC <paul.hoffman@vpnc.org> of "Tue, 31 Aug 2004 16:23:27 PDT." <p06110474bd5ab88a26c3@[10.20.30.249]>
Date: Tue, 31 Aug 2004 19:59:52 -0400
Message-ID: <27208.1093996792@marajade.sandelman.ottawa.on.ca>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Cc: ipsec@lists.tislabs.com, pki4ipsec@honor.icsalabs.com

>>>>> "VPNC" == VPNC  <Paul> writes:
    VPNC> It would be a lot easier for those of us who think "let's not
    VPNC> re-invent TCP in IKEv2" to know what you are talking about if
    VPNC> we had an Internet Draft with your full proposal for the
    VPNC> fragment handling. Without that, we'll just keep saying "it's
    VPNC> too hard, and it's not important enough" and you'll keep
    VPNC> saying "it really isn't, and it is important".

  Remember that I'm the guy who thinks that one of the reasons that
certificates shouldn't be exchanged in-band is because of problems like
this :-)
  I do, however, hate PSK, and want it to go away, so if solving this
problem makes progress, then I'm willing to help.

  I twigged on this after reading parts of the last month of the
pki4ipsec list, and started to think about it in the shower or
something.

  I would be happy to write a document --- but others need to say, "yes,
solving the cert too-big-for-MTU is important".

--
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
