[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Moving PIC forwards

To: Yaron Sheffer <yaronf@xxxxxxx>
Subject: RE: Moving PIC forwards
From: Bernard Aboba <aboba@xxxxxxxxxxxxx>
Date: Fri, 9 Nov 2001 06:56:27 -0800 (PST)
Cc: William Dixon <wdixon@xxxxxxxxxxxxxxxxxxxxx>, Markus Stenberg <mstenber@xxxxxxx>, ietf-ipsra@xxxxxxxx
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-ipsra/mail-archive/>
List-id: <ietf-ipsra.vpnc.org>
List-unsubscribe: <mailto:ietf-ipsra-request@vpnc.org?body=unsubscribe>
Sender: owner-ietf-ipsra@xxxxxxxxxxxxx

> fragmentation is obviously a serious issue. However, I'm worried that moving
> PIC to TCP could mean the death of this protocol, at least in the VPN space.
> Hardware VPN vendors don't trust TCP, because of the amount of state
> involved and the associated DOS exposure. And until PIC is "re-purposed",
> this is an important deployment segment.

OK. So what about a "cert continuation" payload? I'd note that PIC already
supports multiple round-trips, and EAP methods can already support such
continuations (see RFC 2716).

Follow-Ups:
- Re: Moving PIC forwards
  - From: Scott G. Kelly

References:
- RE: Moving PIC forwards
  - From: Yaron Sheffer

Prev by Date: RE: Moving PIC forwards
Next by Date: Re: Moving PIC forwards
Previous by thread: RE: Moving PIC forwards
Next by thread: Re: Moving PIC forwards
Index(es):
- Date
- Thread