On Thu, 2013-02-07 at 01:14 -0800, joel jaeggli wrote:
> On 2/7/13 12:37 AM, Karl Auer wrote:
> > On Thu, 2013-02-07 at 08:04 +0000, Brian E Carpenter wrote:
> >>> That's your take. My take is that packets that have more headers than
> >>> payload don't make any sense. We put headers to move payloads -- not the
> >>> other way around.
> > Coming in very late and this has probably already been thought of, but
> > the ESP header *is* effectively a payload, and may need to be
> > fragmented.
> everything after the esp header is payload for everyone other than the
> intended recipient, who has more headers to unwrap once the payload has
> been decrypted.

Er - yes. I just meant that you can't take the hard line that "headers
shall not be fragmented" (not that Brian was saying that) when at least
one header may have to be.

There will only be more headers to unwrap in tunnel mode.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog

GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------