Hi, Gorry (et al.), Again, the following text should not drift into discussing how tunnels are handled IMO. That should be addressed in a different document (and I don't think it's troublesome at all if viewed correctly). Joe On 2/14/2017 9:23 AM, Gorry Fairhurst wrote: > - Introdueces a significant vulnerability. A rogue PTB message that > reduces the PMTU to a minimum, can result in a path too small to carry > an encapsulated packet. (Recently noted by Fernando Gont). > > Moreover, other layers view ICMP messages with suspicion and have long > noted the need to check ICMP payload and match only packets that > relate to actual 5-tuples in use (effectively reducing vulnerability > to off-path attacks). For example, the Guidelines for UDP, rfc5405bis, > state: > > " Applications SHOULD appropriately validate the payload of ICMP > messages to ensure these are received in response to transmitted > traffic (i.e., a reported error condition that corresponds to a UDP > datagram actually sent by the application). …“ > - clearly handling this in IP-layer tunnels can be troublesome, but > that's a problem that should be described, not obscured.