On 02/07/2013 06:47 PM, Karl Auer wrote:
> On Thu, 2013-02-07 at 21:59 +0100, Ole Troan wrote:
>>>> as Karl pointed out, what do we do with the ESP header?
>>> The document needs to make a special exception for encrypted
>>> payloads. In that case, the ESP header must begin on the first
>>> fragment, but need not end on the first fragment.
> 
> Do you mean that the ESP header must be the first item in the
> fragmentable part of the first fragment? Or that the ESP header must be
> (at least partly) in the non-fragmentable part of the first fragment?
> 
> If the latter, that's a new kind of animal. At present, a header is
> either completely in the non-fragmentable part or completely in the
> fragmentable part. Permitting a header to straddle the fragment header
> seems odd, and I can't immediately see how you could do it without
> changing the fragment header definition, either.

I think we all mean that the ESP header must be the last "visible"
header in the fragmentable part of the first fragment.

Put another way, if the ESP header is the last chunk of headers one
could possibly snoop without decrypting the packet, then that header
must be in the first fragment.

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
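
An added example, not part of the message above or of any IETF document: a Python check that walks the header chain of an IPv6 first fragment and reports whether everything up to and including the last visible header (ESP, or an upper-layer header) is present in it. The function name, the minimum visible sizes, and the sample packets (2001:db8::/32 addresses) are constructed assumptions for illustration.

```python
import struct

HBH, ROUTING, FRAGMENT, ESP, AH, NONXT, DSTOPTS = 0, 43, 44, 50, 51, 59, 60
# Bytes of the terminating header that must be visible (assumed minimums for
# this sketch): ESP = SPI + sequence number, TCP 20, UDP 8, ICMPv6 4.
MIN_VISIBLE = {ESP: 8, 6: 20, 17: 8, 58: 4, NONXT: 0}

def check_first_fragment(pkt: bytes):
    """Return (ok, chain). ok is True only if every header up to and including
    the last visible one (ESP or upper layer) lies inside this packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = pkt[6], 40, []
    while True:
        chain.append(nxt)
        if nxt not in (HBH, ROUTING, DSTOPTS, AH, FRAGMENT):
            # Terminating header: nothing past ESP is readable without the key.
            return off + MIN_VISIBLE.get(nxt, 1) <= len(pkt), chain
        if off + 8 > len(pkt):
            return False, chain                # extension header is cut off
        if nxt == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                raise ValueError("not a first fragment (offset != 0)")
            hlen = 8
        elif nxt == AH:
            hlen = (pkt[off + 1] + 2) * 4      # length in 32-bit words, minus 2
        else:
            hlen = (pkt[off + 1] + 1) * 8      # 8-octet units, first one not counted
        if off + hlen > len(pkt):
            return False, chain
        nxt, off = pkt[off], off + hlen

def ipv6(nxt: int, payload: bytes) -> bytes:
    """Constructed sample packet: fixed header with documentation addresses."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), nxt, 64) + src + dst + payload

# Constructed headers: Fragment (offset 0, M=1) -> Destination Options -> ESP.
FRAG = bytes([DSTOPTS, 0]) + struct.pack("!HI", 1, 0x1234)
DOPT = bytes([ESP, 0, 1, 4, 0, 0, 0, 0])       # one PadN option as filler
ESP_HDR = struct.pack("!II", 0x1000, 1) + bytes(16)  # SPI, sequence, dummy ciphertext

GOOD = ipv6(FRAGMENT, FRAG + DOPT + ESP_HDR)       # ESP header fully in first fragment
SPLIT = ipv6(FRAGMENT, FRAG + DOPT + ESP_HDR[:4])  # ESP header straddles fragments

if __name__ == "__main__":
    for name, pkt in (("GOOD", GOOD), ("SPLIT", SPLIT)):
        print(name, check_first_fragment(pkt))
```
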
