>>>>> "Many network security devices block all ICMP messages for perceived
>>>>> security benefits, including the errors that are necessary for the proper
>>>>> operation of PMTUD. This can result in connections that complete the
>>>>> TCP three-way handshake correctly, but then hang when data is transferred.
>>>>> This state is referred to as a black hole connection."
>>>>
>>>> Yes. What we are asked to do for Internet Standard is show that a protocol
>>>> is widely deployed and is interoperable. That's undoubtedly true of RFC1981.
>>>> The fact that it also has an important failure mode should certainly be
>>>> documented, but I suspect that every Internet Standard has at least
>>>> one important failure mode.
>>>
>>> the problem is that this particular failure mode is essentially "does
>>> not work on the real internet." perhaps documenting that is useful.
>>> but i guess this is ipv6.
>>
>> I fully agree that it should be documented, but the details are already
>> documented elsewhere. In this document it can be quite short.
>
> i have no problem with terse :)
>
> "Unfortunately, this protocol does not actually work on the real
> internet, see \cite{elsewhere}," seems fine to me.
In the discussion with Joe, we came up with something along the lines of:
"Many network security devices block all ICMP messages for perceived
security benefits, including the errors that are necessary for the proper
operation of PMTUD. This can result in connections that complete the
TCP three-way handshake correctly, but then hang when data is transferred.
This state is referred to as a black hole connection. This is one significant
example of how PMTUD is broken on the Internet."
Best regards,
Ole
Attachment:
signature.asc
Description: Message signed with OpenPGP