Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom Herbert)

2019-01-16 Thread Joe Touch
FWIW... On 1/16/2019 11:26 AM, Tom Herbert wrote: > ...A stateless firewall could just drop the first fragment that > contains the transport layer header and allow non first fragments to > pass. This achieves the filtering goal to prevent delivery of the > reassembled packet. That works only if

Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05

2019-01-16 Thread Joe Touch
Tom, On 1/14/2019 2:04 PM, Tom Herbert wrote: > Hello. I have a couple of comments: > > From the draft: > "Middle boxes SHOULD process IP fragments in a manner that is > compliant with RFC 791 and RFC 8200. In many cases, middle boxes must > maintain state in order to achieve this goal." > >

Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom Herbert)

2019-01-16 Thread Ron Bonica
Tom, We seem to be talking past one another. Would your objection be satisfied if I deleted the sentence? Ron > -Original Message- > From: Tom Herbert > Sent: Wednesday, January 16, 2019 3:03 PM > To: Ron Bonica > Cc: int-area > Subject:

Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom Herbert)

2019-01-16 Thread Tom Herbert
On Wed, Jan 16, 2019 at 11:40 AM Ron Bonica wrote: > > Inline….. > > > > From: Tom Herbert > Sent: Wednesday, January 16, 2019 2:27 PM > To: Ron Bonica > Cc: int-area > Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom > Herbert) > > > > > > On Tue, Jan 15, 2019, 6:17 PM

Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom Herbert)

2019-01-16 Thread Ron Bonica
Inline….. From: Tom Herbert Sent: Wednesday, January 16, 2019 2:27 PM To: Ron Bonica Cc: int-area Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom Herbert) On Tue, Jan 15, 2019, 6:17 PM Ron Bonica wrote: Tom, Please take a look at Section

Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom Herbert)

2019-01-16 Thread Tom Herbert
On Tue, Jan 15, 2019, 6:17 PM Ron Bonica Tom, > > Please take a look at Section 4.3 (Stateless Firewalls). How can the > stateless firewall behave optimally without maintaining state? > Ron, A stateless firewall that maintains state is no longer a stateless firewall. Introducing state requires