The text below is not about tunnels - this is about the operation of
transport, and the quoted text is from the new UDP Guidelines ID.
On 15/02/2017 21:26, Joe Touch wrote:
Hi, Gorry (et al.),
Again, the following text should not drift into discussing how tunnels
are handled IMO. That should be addressed in a different document (and I
don't think it's troublesome at all if viewed correctly).
Joe
On 2/14/2017 9:23 AM, Gorry Fairhurst wrote:
- Introduces a significant vulnerability. A rogue PTB message that
reduces the PMTU to a minimum, can result in a path too small to carry
an encapsulated packet. (Recently noted by Fernando Gont).
Moreover, other layers view ICMP messages with suspicion and have long
noted the need to check ICMP payload and match only packets that
relate to actual 5-tuples in use (effectively reducing vulnerability
to off-path attacks). For example, the Guidelines for UDP, rfc5405bis,
state:
" Applications SHOULD appropriately validate the payload of ICMP
messages to ensure these are received in response to transmitted
traffic (i.e., a reported error condition that corresponds to a UDP
datagram actually sent by the application). …“
The comment below could easily be handled by something that clearly
indicates the problem and points to the tunnel draft for guidance, I
agree no need to go into algorithms/methods here.
- clearly handling this in IP-layer tunnels can be troublesome, but
that's a problem that should be described, not obscured.
Gorry