-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Paul" == Paul Wouters
<paulxelerance.com> writes:
    >> We set the UDP checksum to 0 on NAT-T packets.
UDP checksum is a waste
    >> of time, when we have the HMAC to authenticate
the data.

    Paul> but doesn't that make the packet 'invalid' to
any router that
    Paul> might check the checksum? What do the RFCs say?
When should
    Paul> you do checksum verification? 

  UDP.CHECKSUM=0 means don't do UDP checksums.

- -- 
]       ON HUMILITY: to err is human. To moo, bovine.       
   |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON
   |net architect[
] mcrxelerance.com      http://www.san
delman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel
hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBQ7ws+YCLcPvd0N1lAQKKVggAgZkMlmArzwkpgPGw7xS0UJooNOlI
dsf5
pinTVNe5DJoh56sFNNmJUyxFopqWusNHi4otsuGOUJc4KLkHbxqeoXxO/XzM
uiF1
ndDQNJvwsqcG+vyrS36O+dcp75cUlKOOpsvSuzXrrqrIODC193CT7Z2en9JH
I/lD
q3NQefRQhFnA4Syex4xr7iZUgEnbHwy6mryK1Ta2QNsMa3PWDHeTzDJYpM5N
KMAz
WDDVSAIla+yy0If6i3PQoaPcRI0w4/7Q1DYSgrfWxGucGgOLXd98PrXlJLYa
w7G+
rUHyR5utEaPJJGqf1DEil0NBWMccst4qmptwqixdjIOiV6JVJAspxg==
=x4RY
-----END PGP SIGNATURE-----
_______________________________________________
Dev mailing list
Devopenswan.org
http:/
/lists.openswan.org/mailman/listinfo/dev