Re: [Ipsec] STRAW POLL: Handling of fragments in RFC-2401bis (section 7)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ipsec] STRAW POLL: Handling of fragments in RFC-2401bis (section 7)
Theodore Ts'o wrote:
QUESTION 1: Select one of the following
____ Both Methods #2 and Method #3 should be a MAY
____ One or both of Methods #2 and #3 should be a SHOULD or a MUST
___ Method #2 (non-initial fragments get sent to an OPAQUE
SA) should be be SHOULD or MUST
___ Method #3 (stateful fragment inspection) should be
SHOULD or MUST)
___ Both Method #2 and #3 should be SHOULD or MUST
It makes sense to mix non-initial fragments where the initial frags are
mixed (Method #1).
It makes no security sense to mix some non-initial traffic where the
initial fragments are not so mixed.
I would consider Method 2 a MUST NOT in that regard.
If I have to vote for one of the above, then:
__X__ Both Methods #2 and Method #3 should be a MAY
QUESTION 2: Should Method #2 (non-initial fragments) be:
(you may pick more than one)
___ MUST
___ SHOULD
___ MAY
Again, I would go MUST NOT. At best, if I have to pick from above,
__X__ MAY
QUESTION 3: Should Method #3 (stateful fragment inspection) be:
(you may pick more than one)
___ MUST
___ SHOULD
___ MAY
_X_ MAY
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
Ipsec mailing list
Ipsec at ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
