Hi, Fred,
On 02/08/2017 01:35 PM, Templin, Fred L wrote:
Also not to be lost in this discussion is the potential for spoofed ICMP
messages
that would report a size that is either too large or too small.
RFC5927 is all about this.
Right. The point is that these data points would seem to indicate that
standard
PMTUD per rfc1981bis is not reliable nor secure enough for operation on open
internetworks such as the global public Internet. Maybe the security section
should say that?
PMTUD as per rfc1981bis is certainly not reliable, since ICMPv6 messages
are not reliable (actually, ICMP itself is obviously unreliable, but the
widespread filtering of ICMPv6 messages results in more deterministic
failures)
"security"-wise, you can improve things to a decent level. e.g., for TCP
based traffic all IPv6 implentations check the TCP sequence number (and
por numbers) in the embedded packet.
Besides, if you look at RFC5927, there a PMTUD-specific mitigation which
essentially means that during the life of a connection, upon receipt of
an ICMP PTB, you save the message, but only honor the message if there's
not progress on the connection. -- somehow mimicking RFC4821.
So I'd say that the issue with PMTUD is mostly reliability than security.
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont(_at_)si6networks(_dot_)com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492