> On Apr 1, 2016, at 11:24 AM, Greg Dowd <[email protected]> wrote:
> 
> Removing fragmentation by definition in an application protocol isn’t even 
> possible in IPv4 as routers can frag.  It seems a large challenge to 
> manipulate any x509 stack and not expect fragmentation?  I know we all tend 
> to think of 1514 (IP over 802.3 Ethernet) but MTU is not defined by the 
> endpoints but the path.  I think a number of times there has been a 
> discussion of running some session components over tcp which might help with 
> some of the sequencing issues of splitting the transaction?  A backwards 
> compatibility challenge is that, while ntp owns udp and tcp 123, I think many 
> existing firewall configurations would drop tcp connections for 123.  I don’t 
> know how many autokey deployments are actually running so perhaps it is not 
> that big an issue.

There is a lot of data around packet sizes that are able to be passed on the 
wire without issue.  Anything over 1400 starts to be a risk of being dropped.  
Consumers on PPPoE often see 1492.

My advice is to look at what has transpired in the DNS protocol around this.  
If you haven’t had time to read up on the history there, it’s rife with details 
of what works and does not.  There is a lot of probing that happens in the 
protocol to determine the packet sizes permissible with EDNS.

While fragmentation may occur and bits may pass, it is unlikely to be reliable. 
As the protocol is designed, these operational considerations should be 
understood.

- Jared
_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
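The EDNS(0) probing Jared points to, as an added example that is not part of the thread or of any NTP/DNS implementation: a small Python model of a path with a fixed MTU that either fragments or silently drops oversize datagrams, an EDNS-aware responder that sets TC when the answer does not fit the advertised buffer, and a client that steps down through buffer sizes on timeout and falls back to TCP. The header sizes are the IPv4/IPv6/UDP minimums; the probing ladder (4096, 1400, 1232, 512), the answer sizes and the 64-byte truncated reply are assumptions chosen for illustration. It shows why a 1492-byte PPPoE path with fragments filtered turns a 3000-byte answer into a timeout at 4096 and a TCP retry at 1400, and why 1232 is the largest payload that survives an IPv6 1280-byte minimum MTU unfragmented.

```python
# Added example, not code from the thread: a model of EDNS(0)-style
# buffer-size probing over a path that may drop fragments. Header sizes are
# the real minimums; the ladder, answer sizes and TRUNCATED_LEN are assumed.

IPV4_HDR = 20   # bytes, no options
IPV6_HDR = 40   # bytes
UDP_HDR = 8     # bytes


def max_udp_payload(mtu, ipv6=False):
    """Largest UDP payload that fits one unfragmented datagram at this MTU."""
    return mtu - (IPV6_HDR if ipv6 else IPV4_HDR) - UDP_HDR


class Path:
    """A network path that either fragments oversize datagrams or drops them.

    drop_fragments=True models the case the thread warns about: a firewall or
    middlebox discards IP fragments, so anything over the path MTU vanishes
    and the sender only ever sees a timeout (no ICMP, no explanation).
    """

    def __init__(self, mtu, drop_fragments=True):
        self.mtu = mtu
        self.drop_fragments = drop_fragments

    def deliver(self, datagram_len):
        if datagram_len <= self.mtu:
            return True
        return not self.drop_fragments


class Server:
    """EDNS(0)-aware responder: honours the client's advertised buffer size
    and returns a short reply with TC set when the full answer does not fit."""

    TRUNCATED_LEN = 64  # assumed size of a header+question-only TC reply

    def __init__(self, answer_len):
        self.answer_len = answer_len

    def respond(self, bufsize):
        if self.answer_len <= bufsize:
            return self.answer_len, False
        return self.TRUNCATED_LEN, True


def resolve(path, server, ladder=(4096, 1400, 1232, 512), ipv6=False):
    """Advertise successively smaller buffer sizes until a reply arrives.

    Returns (transport, bufsize, attempts): transport is 'udp' if the full
    answer fit, 'tcp' if the reply was truncated (or every UDP size timed
    out) so the client must retry over TCP; attempts records each advertised
    size and what happened to its reply.
    """
    hdr = (IPV6_HDR if ipv6 else IPV4_HDR) + UDP_HDR
    attempts = []
    for bufsize in ladder:
        payload_len, truncated = server.respond(bufsize)
        if not path.deliver(payload_len + hdr):
            attempts.append((bufsize, "timeout"))
            continue  # nothing tells us why it was lost: just step down
        if truncated:
            attempts.append((bufsize, "tc"))
            return "tcp", bufsize, attempts
        attempts.append((bufsize, "ok"))
        return "udp", bufsize, attempts
    return "tcp", None, attempts


if __name__ == "__main__":
    pppoe = Path(mtu=1492)            # consumer PPPoE path, fragments filtered
    big = Server(answer_len=3000)     # e.g. a signature-heavy answer
    print(resolve(pppoe, big))
    # ('tcp', 1400, [(4096, 'timeout'), (1400, 'tc')])
    print(resolve(Path(mtu=1492, drop_fragments=False), big))
    # ('udp', 4096, [(4096, 'ok')])
    print(max_udp_payload(1280, ipv6=True))
    # 1232
```

The point of the model is the first run: with fragments filtered, the client never learns that 4096 was too big, it only burns a timeout, which is the "bits may pass but not reliably" behaviour described above and the reason resolvers settled on conservative defaults and a TCP fallback rather than trusting fragmentation.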
