Christian Hopps writes: > I also need to point out that we are only talking about the case > where the implementation doesn’t use a timer to timeout missing > packets. We specifically added text highlighting that > implementations are free to timeout missing packets much earlier if > they so choose. Perhaps we should also highlight this again??
I do not really see how this timer text helps, or at all related to this discussion: Implementations that are concerned about memory use when packets are delayed (e.g., when an SA deletion is delayed), or non-IP-TFS uses of AGGFRAG mode, can of course use timers to drop packets as well. It seems to cover cases where SA is deleted or non-IP-TFS uses of AGGFRAG mode, which are not a concern here. Or non-IP-TFS uses of AGGFRAG mode might be relevant here, but I think the issues are also for IP-TFS uses of AGGFRAG. -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec