On Sun, 09 May 2004 06:43:46 +0900 Masataka Ohta <mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> Mark Smith;
>
> > > Filtering on protocol/port numbers is a broken concept.
>
> Yes, it is.
>
> However, it is merely as broken as PMTUD that we don't need
> security discussion to deny PMTUD.
>
> > I've understood that what you have described is the end-goal
> > of end-to-end, opportunistic encryption and authentication
> > i.e. IPsec.
>
> Back to the original problem, PMTUD depends on the capabilities
> of intermediate systems on a path to generate certain ICMP,
> generation of which is as complex as fragmentation itself,
> that it is not very end to end.
>

Radia Perlman, in her book "Interconnections", 2nd edition, suggests a few alternative methods of performing PMTUD, including one which wouldn't require feedback from the network, starting at pg 185.

> That is, PMTUD is a broken concept.
>

I'm not sure I understand you. Are you saying the idea of PMTUD is broken, or the way it currently works?

Regards,
Mark.

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
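To make the dependency on intermediate-system ICMP concrete, here is an added illustration (not code from the thread or from Perlman's book): a toy model of a path whose hops have different MTUs, a classic DF-plus-ICMP discovery loop that black-holes as soon as one router stops emitting "fragmentation needed", and a feedback-free probing variant that treats silence as loss. The hop MTUs, the `Hop` class and the probing strategy are all constructed assumptions for the demonstration.

```python
from dataclasses import dataclass

@dataclass
class Hop:
    mtu: int
    sends_icmp: bool = True  # does this router emit ICMP "fragmentation needed"?

def forward(path, size):
    """Walk a DF-set packet of `size` bytes along `path`.
    Returns ('delivered', size), ('icmp', next_hop_mtu) or ('blackhole', None)."""
    for hop in path:
        if size > hop.mtu:
            if hop.sends_icmp:
                return ("icmp", hop.mtu)
            return ("blackhole", None)  # oversize packet dropped silently
    return ("delivered", size)

def classic_pmtud(path, start_mtu, max_rounds=10):
    """Classic discovery: send with DF set and shrink only on ICMP feedback.
    Returns the discovered path MTU, or None when the sender stalls."""
    size = start_mtu
    for _ in range(max_rounds):
        kind, value = forward(path, size)
        if kind == "delivered":
            return size
        if kind == "icmp":
            size = value  # next-hop MTU reported by the router
            continue
        return None  # no feedback at all: nothing tells the sender to shrink
    return None

def probe_pmtud(path, start_mtu, floor=576):
    """Feedback-free variant (assumed for this example): binary-search the
    largest size that gets through, treating any non-delivery as loss."""
    lo, hi, best = floor, start_mtu, None
    while lo <= hi:
        mid = (lo + hi) // 2
        if forward(path, mid)[0] == "delivered":
            best, lo = mid, mid + 1
        else:
            hi = mid - 1
    return best

# Constructed sample paths: same MTUs, but the middle router filters ICMP in one.
PATH_WITH_ICMP = [Hop(1500), Hop(1400), Hop(1280)]
PATH_FILTERED = [Hop(1500), Hop(1400, sends_icmp=False), Hop(1280)]

if __name__ == "__main__":
    print("classic, ICMP allowed :", classic_pmtud(PATH_WITH_ICMP, 1500))  # 1280
    print("classic, ICMP filtered:", classic_pmtud(PATH_FILTERED, 1500))   # None
    print("probing, ICMP filtered:", probe_pmtud(PATH_FILTERED, 1500))     # 1280
```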