Re: IPsec and Fragmentation
Stephen Kent <kent@bbn.com> Wed, 08 July 1998 22:46 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id SAA20306 for ipsec-outgoing; Wed, 8 Jul 1998 18:46:20 -0400 (EDT)
X-Sender: kent@po1.bbn.com
Message-Id: <v03110744b1c9a88747af@[128.89.0.110]>
In-Reply-To: <5040300017945831000002L012*@MHS>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 08 Jul 1998 18:57:53 -0400
To: Karen Heron <heron@us.ibm.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: IPsec and Fragmentation
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Karen, >Thanks for the clarification. (However, I'm having trouble finding section >3.2.5 in my copy of the architecture doc (draft-ietf-ipsec-arch-sec-05)). But >I believe that the statement in Appendix B, section B.2, "Fragmentation MUST >be done after outbound IPsec processing." is incorrect. In fact, for a tunnel >mode SA on a host, fragmentation must be done before IPsec processing to make >PMTU discovery work, correct? The section I cited is from the most recent version of the spec, arch-sec-06, distributed to the list last week (7/2). However, B.2 still makes the same statement in this version! I could point out that the appendices are not normative, but I guess it would be better to just fix it :-). Steve
- IPsec and Fragmentation Karen Heron
- Re: IPsec and Fragmentation Karen Heron
- Re: IPsec and Fragmentation Dan McDonald
- Re: IPsec and Fragmentation Karen Heron
- Re: IPsec and Fragmentation Dan McDonald
- Re: IPsec and Fragmentation M.C.Nelson
- Re: IPsec and Fragmentation C. Harald Koch
- Re: IPsec and Fragmentation Michael C. Richardson
- Re: IPsec and Fragmentation Karen Heron
- Re: IPsec and Fragmentation Stephen Kent
- Re: IPsec and Fragmentation Karen Heron
- Re: IPsec and Fragmentation Stephen Kent
- Re: IPsec and Fragmentation Stephen Kent
- Re: IPsec and Fragmentation Len Samuelson