>>And I think if the IKE_SA_INIT messages grow too large with QSKE, then it’s
>>better to develop
>>generic fragmentation mechanism for IKE_SA_INIT, rather than making it
>>specific for fragmenting
>>QSKE blobs. Generic mechanism would allow to reuse it in case we’ll have to
>>other large payloads in initial messages.
Yes, while a generic mechanism would allow it to be reused, it sounds like a
different draft all together. It could result in a very complex change in the
protocol. Furthermore, we would like to support QSKE blob that is larger than
64KB in size, hence we fragment it in that way.
IPsec mailing list