IMO it's worth including a sentence that highlights these things elsewhere in the doc. But if others disagree, the existing text is sufficient. Joe On 2/7/2017 1:31 PM, otroan@xxxxxxxxxxxxx wrote: > Thanks Joe. > >> I'd add one sentence about Fred's observation too: >> >> In addition, spoofed ICMP messages can also affect the correct operation >> of PMTUD. > You don't think that's covered by the existing security considerations: > > This Path MTU Discovery mechanism makes possible two denial-of- > service attacks, both based on a malicious party sending false Packet > Too Big messages to a node. > > In the first attack, the false message indicates a PMTU much smaller > than reality. This should not entirely stop data flow, since the > victim node should never set its PMTU estimate below the IPv6 minimum > link MTU. It will, however, result in suboptimal performance. > > In the second attack, the false message indicates a PMTU larger than > reality. If believed, this could cause temporary blockage as the > victim sends packets that will be dropped by some router. Within one > round-trip time, the node would discover its mistake (receiving > Packet Too Big messages from that router), but frequent repetition of > this attack could cause lots of packets to be dropped. A node, > however, should never raise its estimate of the PMTU based on a > Packet Too Big message, so should not be vulnerable to this attack. > > Best regards, > Ole >