[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moving PIC forwards

To: Bernard Aboba <aboba@xxxxxxxxxxxxx>
Subject: Re: Moving PIC forwards
From: Jan Vilhuber <vilhuber@xxxxxxxxx>
Date: Tue, 30 Oct 2001 13:49:17 -0800 (PST)
Cc: Paul Hoffman / VPNC <paul.hoffman@xxxxxxxx>, ietf-ipsra@xxxxxxxx
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-ipsra/mail-archive/>
List-id: <ietf-ipsra.vpnc.org>
List-unsubscribe: <mailto:ietf-ipsra-request@vpnc.org?body=unsubscribe>
Sender: owner-ietf-ipsra@xxxxxxxxxxxxx

Of course that opens up TCP RST attacks and such... But I agree with the
fragmentation issues...

jan


On Tue, 30 Oct 2001, Bernard Aboba wrote:

> 
> > (c) something else
> > 
> > If you choose choice (c), 
> > please say what it is you want.
> > 
> 
> I'd like the protocol to run over TCP, so that we can handle large
> certificate payloads without fragmentation. In practice, fragmentation of
> IKE cert payloads has turned out to be a headache, because many
> existing router code loads cannot handle fragment filtering very well. 
> 
> It would be much easier if PIC could just be installed in a network
> without having to upgrade the routers. 
> 

 --
Jan Vilhuber                                            vilhuber@xxxxxxxxx
Cisco Systems, San Jose                                     (408) 527-0847

References:
- Re: Moving PIC forwards
  - From: Bernard Aboba

Prev by Date: Re: Moving PIC forwards
Next by Date: Re: Moving PIC forwards
Previous by thread: Re: Moving PIC forwards
Next by thread: Re: Moving PIC forwards
Index(es):
- Date
- Thread