On 09/02/2017 20:39, otroan@xxxxxxxxxxxxx wrote:
>>>>>> "Many network security devices block all ICMP messages for perceived
>>>>>> security benefits, including the errors that are necessary for the proper
>>>>>> operation of PMTUD. This can result in connections that complete the
>>>>>> TCP three-way handshake correctly, but then hang when data is transferred.
>>>>>> This state is referred to as a black hole connection."
>>>>>
>>>>> Yes. What we are asked to do for Internet Standard is show that a protocol
>>>>> is widely deployed and is interoperable. That's undoubtedly true of RFC1981.
>>>>> The fact that it also has an important failure mode should certainly be
>>>>> documented, but I suspect that every Internet Standard has at least
>>>>> one important failure mode.
>>>>
>>>> the problem is that this particular failure mode is essentially "does
>>>> not work on the real internet." perhaps documenting that is useful.
>>>> but i guess this is ipv6.
>>>
>>> I fully agree that it should be documented, but the details are already
>>> documented elsewhere. In this document it can be quite short.
>>
>> i have no problem with terse :)
>>
>> "Unfortunately, this protocol does not actually work on the real
>> internet, see \cite{elsewhere}," seems fine to me.
>
> In the discussion with Joe, we came up with something along the lines of:
>
> "Many network security devices block all ICMP messages for perceived
> security benefits, including the errors that are necessary for the proper
> operation of PMTUD. This can result in connections that complete the
> TCP three-way handshake correctly, but then hang when data is transferred.
> This state is referred to as a black hole connection. This is one significant
> example of how PMTUD is broken on the Internet."
wfm, subject to Randy's language nit.
Brian