
Re: Problem of blocking ICMP packets

2004-05-08 14:52:24
Mark Smith;

Filtering on protocol/port numbers is a broken concept.

Yes, it is.

However, it is merely as broken as PMTUD that we don't need
security discussion to deny PMTUD.

I've understood that what you have described is the end-goal
of end-to-end, opportunistic encryption and authentication, i.e.
IPsec.

Back to the original problem, PMTUD depends on the capabilities
of intermediate systems on a path to generate certain ICMP,
generation of which is as complex as fragmentation itself,
that it is not very end to end.

That is, PMTUD is a broken concept.

                                                Masataka Ohta



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf