Subject: Re: Default value of net.inet.ipsec.dfbit breaks PMTU over IPsec tunnels
To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
From: Jason Thorpe <thorpej@wasabisystems.com>
List: tech-net
Date: 05/27/2004 17:48:50

On May 21, 2004, at 10:32 AM, Michael Richardson wrote:

>   Please see draft-richardson-ipsec-fragment-00.txt, which the pmtud WG
> has not yet adopted as a BCP, but has talked about.

I just read your I-D.  The problem statement is nothing more than the 
classic "ICMP black hole" that PMTU has had to deal with for quite some 
time anyway, and has absolutely nothing to do with IPsec ... as far as 
I can tell, the only reason it's related to IPsec *at all* is because 
tunnels happen to reduce the MTU.  It could certainly happen with any 
encapsulation protocol, including plain old IP-IP.

Just because "some" IPsec vendors subsequently chose to ignore DF 
because they were being "blamed" for the ICMP black hole does not mean 
that it's appropriate for NetBSD's IPsec implementation to default to 
this utterly bogus behavior.

         -- Jason R. Thorpe <thorpej@wasabisystems.com>


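An added illustration, not part of this thread: a small Python model of the three outcomes under discussion (DF honoured with ICMP delivered, DF honoured with the ICMP filtered, and DF cleared by the gateway), showing why clearing DF hides the path-MTU problem rather than fixing it. The meaning of the dfbit values (0 clear, 1 set, 2 copy from inner) is assumed from the ipsec(4) manual page, and the 56-byte ESP tunnel overhead is a constructed figure.

```python
from dataclasses import dataclass

# Assumed (constructed) figure: outer IPv4 header plus ESP header, trailer and ICV.
# For plain IP-IP encapsulation the same model applies with an overhead of 20.
TUNNEL_OVERHEAD = 56


@dataclass
class Outcome:
    delivered: int   # inner packets that made it across the tunnel
    fragmented: int  # outer packets the gateway had to fragment itself
    icmp_sent: int   # "fragmentation needed" messages the gateway generated
    final_pmtu: int  # size the sender believes the path MTU to be at the end


def run(dfbit: int, link_mtu: int, sender_mtu: int,
        icmp_reaches_sender: bool, attempts: int = 5) -> Outcome:
    """Model a sender doing PMTUD (DF always set on the inner packet) through
    a tunnel gateway whose outgoing link has link_mtu.

    dfbit follows the ipsec(4) sysctl (assumed here): 0 clears DF on the
    outer header, 1 sets it, 2 copies it from the inner header. Because the
    inner packet always carries DF, settings 1 and 2 behave the same here.
    """
    if dfbit not in (0, 1, 2):
        raise ValueError("net.inet.ipsec.dfbit must be 0, 1 or 2")
    outer_df = dfbit != 0
    pmtu = sender_mtu
    delivered = fragmented = icmp_sent = 0
    for _ in range(attempts):
        if pmtu + TUNNEL_OVERHEAD <= link_mtu:
            delivered += 1
            continue
        if not outer_df:
            # "Ignore DF": the gateway fragments the outer packet. The packet
            # gets through, but the sender never learns the real path MTU.
            fragmented += 1
            delivered += 1
            continue
        # DF honoured: the gateway must tell the inner sender the usable MTU.
        icmp_sent += 1
        if icmp_reaches_sender:
            pmtu = link_mtu - TUNNEL_OVERHEAD
        # Otherwise the ICMP is filtered somewhere: the classic black hole,
        # and the sender keeps retrying at a size that can never get through.
    return Outcome(delivered, fragmented, icmp_sent, pmtu)
```

Swapping the overhead constant for 20 models plain IP-IP without changing any other line, which is the sense in which the black hole is not an IPsec problem.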