Hi,

In these discussions, it seems like we might be losing sight
of what problem or problems we are trying to address. The focus
of the non-SEAL proposals seems to be solely on making L4 port
information available in non-initial fragments. Important, yes,
but there are other problems that need to be addressed.

For example, for the tiny fragment attack, SEAL mandates that
the initial fragment be at least 256 bytes in length such that
a tiny fragment attack is not physically possible. Non-initial
fragments are also physically constrained such that they cannot
begin before the 256th byte, so an overlapping fragment that
corrupts the transport layer headers is not possible. SEAL also
provides a path MTU probing facility to determine when the path
MTU is large enough to suspend the segmentation and reassembly
process. SEAL also works in the absence of ICMP Packet Too Big
messages. It also provides a tunnel-mode as well as transport-mode
of operation, and supports all combinations of IPv6/IPv4 tunneling
(6-in-6, 4-in-6, 6-in-4, 4-in-4). And, SEAL is also a universal
encapsulation framework that works with any existing transport
layer protocol that needs to use it.

So, there are lots of issues to be addressed - not just one.

Thanks - Fred
fred.l.temp...@boeing.com
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
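
The two size and offset constraints described in the message above, written as a receiver-side acceptance check. This is an added example, not part of the original post and not taken from the SEAL specification. The `Fragment` tuple, the reason strings, and the handling of unfragmented packets are assumptions made for illustration.

```python
from typing import List, NamedTuple, Tuple

MIN_INITIAL_LEN = 256  # from the message: initial fragment is at least 256 bytes


class Fragment(NamedTuple):
    """Simplified, hypothetical fragment model (not the SEAL wire format)."""
    offset: int  # byte offset of this piece within the original packet
    length: int  # number of bytes carried
    more: bool   # True if further fragments follow


def check_fragment(frag: Fragment) -> Tuple[bool, str]:
    """Apply the two constraints the message attributes to SEAL."""
    if frag.offset < 0 or frag.length <= 0:
        return False, "malformed"
    if frag.offset == 0:
        # Assumption: offset 0 with no more fragments is a whole packet,
        # so the minimum applies only to a true initial fragment.
        if frag.more and frag.length < MIN_INITIAL_LEN:
            return False, "tiny-initial-fragment"
        return True, "ok"
    # Non-initial fragments may not begin before the 256th byte, so they
    # cannot overlap the region holding the transport layer headers.
    if frag.offset < MIN_INITIAL_LEN:
        return False, "overlaps-header-region"
    return True, "ok"


def rejected(frags: List[Fragment]) -> List[Tuple[Fragment, str]]:
    """Return every fragment that fails the check, with the reason."""
    out = []
    for f in frags:
        ok, reason = check_fragment(f)
        if not ok:
            out.append((f, reason))
    return out


# Constructed sample input: one well-formed pair and two bad fragments.
SAMPLE = [
    Fragment(0, 256, True),     # initial fragment at the minimum size
    Fragment(256, 100, False),  # begins at the first permitted offset
    Fragment(0, 8, True),       # splits the transport header across fragments
    Fragment(8, 20, False),     # would overwrite bytes inside the first 256
]

if __name__ == "__main__":
    for frag, reason in rejected(SAMPLE):
        print(frag, reason)
```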
