Re: Problem of blocking ICMP packets


 



On Sun, 09 May 2004 06:43:46 +0900
Masataka Ohta <mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> Mark Smith;
> 
> > > Filtering on protocol/port numbers is a broken concept.
> 
> Yes, it is.
> 
> However, it is merely as broken as PMTUD that we don't need
> security discussion to deny PMTUD.
> 
> > I've understood that what you have described is the end-goal
> > of end-to-end, opportunistic encryption and authentication
> > i.e. IPsec.
> 
> Back to the original problem, PMTUD depends on the capabilities
> of intermediate systems on a path to generate certain ICMP,
> generation of which is as complex as fragmentation itself,
> that it is not very end to end.
> 

Radia Perlman, in her book "Interconnections", 2nd edition,
suggests a few alternative methods of performing PMTUD, including
one which wouldn't require feedback from the network, starting at
pg 185.

> That is, PMTUD is a broken concept.
> 

I'm not sure I understand you. Are you saying the idea of PMTUD
is broken, or the way it currently works?

Regards,
Mark.

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
