
Re: Problem of blocking ICMP packets

2004-05-08 20:54:16
On Sun, 09 May 2004 06:43:46 +0900 Masataka Ohta <mohta(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp> wrote:

> Mark Smith;
>
> > Filtering on protocol/port numbers is a broken concept.
>
> Yes, it is.
>
> However, it is merely as broken as PMTUD that we don't need
> security discussion to deny PMTUD.

I've understood that what you have described is the end goal
of end-to-end, opportunistic encryption and authentication,
i.e. IPsec.

> Back to the original problem, PMTUD depends on the capabilities
> of intermediate systems on a path to generate certain ICMP,
> generation of which is as complex as fragmentation itself,
> that it is not very end to end.


Radia Perlman, in her book "Interconnections", 2nd edition,
suggests a few alternative methods of performing PMTUD, including
one which wouldn't require feedback from the network, starting at
page 185.

> That is, PMTUD is a broken concept.


I'm not sure I understand you. Are you saying the idea of PMTUD
is broken, or the way it currently works?

Regards,
Mark.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
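The thread's two positions can be seen side by side in a small simulation. The following is an added example, not code from the list or from either poster, and the probing routine is a generic binary search over packet sizes rather than the specific scheme Perlman describes. The path, its link MTUs, and the "firewall drops ICMP" switch are constructed values; `Path`, `classic_pmtud` and `probing_pmtud` are names chosen for the demo. It shows why filtering ICMP turns classic PMTUD into a black hole, while a method that needs no feedback from the network still converges.

```python
"""Added example (not from the thread): classic ICMP-driven PMTUD versus a
probing approach that needs no feedback from the network, run over a
constructed path where a firewall drops ICMP."""

from dataclasses import dataclass, field


@dataclass
class Path:
    """A path made of links with the given MTUs (constructed values).

    When icmp_filtered is True, the router that would have sent ICMP
    'fragmentation needed' (type 3, code 4) sits behind a firewall that
    drops ICMP, so the sender gets no feedback at all."""
    link_mtus: list
    icmp_filtered: bool = False
    probes_sent: int = field(default=0)

    def send(self, size):
        """Send one packet of `size` bytes with DF set.

        Returns ("delivered", None), ("too_big", link_mtu) when the router
        answers with ICMP, or ("blackhole", None) when ICMP is filtered."""
        self.probes_sent += 1
        for mtu in self.link_mtus:
            if size > mtu:
                if self.icmp_filtered:
                    return ("blackhole", None)
                return ("too_big", mtu)
        return ("delivered", None)


def classic_pmtud(path, start_mtu, max_rounds=16):
    """RFC 1191-style PMTUD: trust the MTU carried in the ICMP 'too big'.

    Returns the discovered PMTU, or None when the path black-holes
    (no ICMP arrives and the packet is silently lost)."""
    mtu = start_mtu
    for _ in range(max_rounds):
        result, hint = path.send(mtu)
        if result == "delivered":
            return mtu
        if result == "too_big" and hint < mtu:
            mtu = hint
            continue
        return None  # blackhole, or a bogus hint that would not shrink the MTU
    return None


def probing_pmtud(path, lo=576, hi=1500):
    """Feedback-free PMTUD: binary-search the largest size that is
    acknowledged end to end. Only delivery or non-delivery is observed,
    so intermediate routers' ICMP behaviour does not matter."""
    if path.send(lo)[0] != "delivered":
        return None  # even the floor size is lost; nothing to search
    best = lo
    lo += 1
    while lo <= hi:
        mid = (lo + hi) // 2
        if path.send(mid)[0] == "delivered":
            best, lo = mid, mid + 1
        else:
            hi = mid - 1
    return best


def compare(link_mtus, icmp_filtered):
    """Run both methods over a fresh copy of the same path and report
    what each discovered and how many packets it cost."""
    p1 = Path(list(link_mtus), icmp_filtered)
    p2 = Path(list(link_mtus), icmp_filtered)
    return {
        "classic": (classic_pmtud(p1, 1500), p1.probes_sent),
        "probing": (probing_pmtud(p2), p2.probes_sent),
    }


if __name__ == "__main__":
    # Constructed path: a 1280-byte link in the middle of 1500-byte links.
    for filtered in (False, True):
        print("ICMP filtered:", filtered, compare([1500, 1280, 1400], filtered))
```

With ICMP passing, the classic method finds 1280 in two packets; with ICMP filtered it returns `None` after one lost packet, which is the black hole operators see when a firewall drops all ICMP. The probing method reaches 1280 either way, at the cost of roughly a dozen probes, which is the trade-off behind Perlman's "no feedback from the network" alternative.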