IMO it's worth including a sentence that highlights these things
elsewhere in the doc.
But if others disagree, the existing text is sufficient.
Joe
On 2/7/2017 1:31 PM, otroan(_at_)employees(_dot_)org wrote:
Thanks Joe.
I'd add one sentence about Fred's observation too:
In addition, spoofed ICMP messages can also affect the correct operation
of PMTUD.
You don't think that's covered by the existing security considerations:
This Path MTU Discovery mechanism makes possible two denial-of-
service attacks, both based on a malicious party sending false Packet
Too Big messages to a node.
In the first attack, the false message indicates a PMTU much smaller
than reality. This should not entirely stop data flow, since the
victim node should never set its PMTU estimate below the IPv6 minimum
link MTU. It will, however, result in suboptimal performance.
In the second attack, the false message indicates a PMTU larger than
reality. If believed, this could cause temporary blockage as the
victim sends packets that will be dropped by some router. Within one
round-trip time, the node would discover its mistake (receiving
Packet Too Big messages from that router), but frequent repetition of
this attack could cause lots of packets to be dropped. A node,
however, should never raise its estimate of the PMTU based on a
Packet Too Big message, so should not be vulnerable to this attack.
Best regards,
Ole