IETF Logo Mail Archive

Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf-ntp-using-nts-for-ntp-24: (with DISCUSS and COMMENT)

Marcus Dansarie <marcus@dansarie.se> Thu, 19 March 2020 17:41 UTC

Return-Path: <marcus.dansarie.nilsson@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B76DB3A0C00; Thu, 19 Mar 2020 10:41:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.748
X-Spam-Level:
X-Spam-Status: No, score=-1.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n5Ddt62POqWm; Thu, 19 Mar 2020 10:41:22 -0700 (PDT)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A9853A0BF3; Thu, 19 Mar 2020 10:41:22 -0700 (PDT)
Received: by mail-lf1-x131.google.com with SMTP id n20so2344905lfl.10; Thu, 19 Mar 2020 10:41:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:subject:to:cc:references:from:autocrypt:message-id:date :user-agent:mime-version:in-reply-to; bh=+krTvyIFiUPW68pXV48WhajcWcJr5oyLqgpPGmks31Y=; b=slOQDgglCEGPra/IOh4xyYi/SsoqLaMtZ+rjZb2M1NRXInpMsj+C+ePVpN/eeAJi6m VOjNX8AgviPy4zIrahwqkNk0NqywPSKj6whaZ9npGOd+407i5HB9VmmoxGdm8tbpCJhL T6VWkIUrpKhh9uZPO4IaZZGvompMqN527MNC7JTUgN9VvQ+GatjE0SYs4V0G9xXji80I XR1M9QeBC0E+ok8AfRd71uOGXBkfFuK30L4Y+rlkB9zWN+OXZvCLBnNAJrereaPXoRAH 7oDZQdtYw7oVdHui7z7RVGdvbU6fuazTSrlN1635UHg1WNlL5+pdw2j0oSw9//i7S7/5 9GUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:to:cc:references:from:autocrypt :message-id:date:user-agent:mime-version:in-reply-to; bh=+krTvyIFiUPW68pXV48WhajcWcJr5oyLqgpPGmks31Y=; b=Zbg4a5Sob4R8QgPZaf16zlgaafePhswFDo9li7arsh5kgdBnv1XIJwpxvsHCegPTN8 HNWdgvLdhJwjPtaW0oXqgnvVgAGi0gHdLD4TJdEa7Rl6O/o6lnNNb5Ixl0lozINDGkrm IN+qVbbI+ttcTZzbOb5JqoBcrhzn/ayv2CbX02dDXockLqhJ8P7PbDLyuWMvx0M8IVB3 4FR9WpOv59iteF47AD1NAWMwGmVrr9ySUpGLD8KBBGZ1rEO9Ts1FOi/tefVdj3is2P4e TQPa76oPRo2Jprjzzj3I/M1Hlh82a0TEWB3Ujp2cHmDj7Z+xkuAjYDRobEGvqCUKo/wW Fw4Q==
X-Gm-Message-State: ANhLgQ3XkgVt64/8TifX11Z2V1TLAHRz5g1U9d+5U799e7XVuokCu3bi k3eLKE4UAJMoQznHT1nQGwE=
X-Google-Smtp-Source: ADFU+vt4EK3FNzsH++H8o8mPSrR1Ky7JFQQvqvgqW63EM1rSZ0jDFOn2s+dVkShOLDQFlJSMUPq4Mg==
X-Received: by 2002:ac2:569a:: with SMTP id 26mr2841364lfr.63.1584639679969; Thu, 19 Mar 2020 10:41:19 -0700 (PDT)
Received: from ?IPv6:2001:470:dfe6:0:d0c5:e696:d460:6cff? ([2001:470:dfe6:0:d0c5:e696:d460:6cff]) by smtp.gmail.com with ESMTPSA id g25sm1869983lfb.42.2020.03.19.10.41.17 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 19 Mar 2020 10:41:17 -0700 (PDT)
Sender: Marcus Dansarie <marcus.dansarie.nilsson@gmail.com>
To: Mirja Kühlewind <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>
Cc: draft-ietf-ntp-using-nts-for-ntp@ietf.org, ntp-chairs@ietf.org, ntp@ietf.org, Karen O'Donoghue <odonoghue@isoc.org>
References: <158462341321.13445.5821064113812671218@ietfa.amsl.com>
From: Marcus Dansarie <marcus@dansarie.se>
Autocrypt: addr=marcus@dansarie.se; prefer-encrypt=mutual; keydata= mQINBFawEn4BEAC8YukDy8f3eczlE8WAcuctrjsNltPCLZDzcj3vBmiayXlXuPULOopqeuw4 +oaZqj4KqvdFBA1mzvwPll7IHePuwAoJYJr48IbIXc9MRjtLoFtd0KnhiVPUS8F2cmfzSJ8E FEv92sz6UT8/tlLEu6sNqr6/caYUivspuW5wf4f6nkSE+6rao9Nx9X03r289IPNBSZv+Y/Ym jWHDPpbT8WLUJZ+A8RsW/1oza609oAzqTkclmnRzip8wZZWNg3Q55P7onBmTIOrEz13My9r5 DWCMHyxXgFL1RJ9YW0t4yRkRm+HvOn3Vesk3m8CCGA6esHV0IPZmBOxJr3l+UQYuDiTgFufr WMpu5MvlyKGHS4fNd505DyyJY2G6eQLLrOq3nZy4qoZSL42TMxzYglexg+H6P/YsIIShk5Ch h/hNphXjrElDWhbGT5JiRWIivgSj/gq5QVBbDLR3b25n9PA0byGemfcEHLkii6EKyH7GW6v9 sgmvCmPfEfppYcOP2g9Jdt8RPitx0UBjoCzWAn0Py0NvlFDyz0FQhWDPig3yo1CG5ljb686v VBwcHJthczUV0rIyVzfmnikIb9ZjydHSX3fFwLz1IcIIX+INS58qA0SDqOoyP2WTYGZCDPVw GMMh+wMtAL2MICTr6vybFWB58m4PsI1j8Ri+AQiEkxyJauI2WQARAQABtCRNYXJjdXMgRGFu c2FyaWUgPG1hcmN1c0BkYW5zYXJpZS5zZT6JAlwEEwEIAEYCGwMCHgECF4ACGQEJCwkNCAwH CwoEBhUKCQgLAgUWAwIBABYhBBfkVFb0H62SH33Csy9j5/6tpPBjBQJeDONDBQkJQKdFAAoJ EC9j5/6tpPBj/xkP/jXvaCeWK9zrphIn1oFX+ssyrJUnpPR0boj0kFsI8NQSReHJ4camTawp 8mhIWa3VWjY3BiklYhQHzFO2e/4lc8tLKHzTL9bSMRQkbmx+S5ek8JnBy9s6dqx+gNgFmm0I zm8iJeLwI0bOXxyOJ0ZGUif0Kf4ks++5NZNe9ybVnWrhjY63GNfQgJqFCZ2zOb1ua9EkiLWO EvFizody2Br3GuP4WyUgEyXLBwYsEzWYzTLaATbid8pWeghAJI880LTt54EtmLpzDKKrZB4H 4CFxh6IogSZTXIXZUbM6XfjMUpMYCzv+F46Hit01QmJtWlIHfjSRbS9H6b//gpCsAjlaYw2m eBovyl0q4sE9mXYxdTqlk51umsvfewravYsfDpSHZ+7iw9dSoft8CGI8PBSUfp3YhVlBzTeX AjYeQJ+aGsGYvn6I0OT5U085m/PsLzvjjcmgMasoYsThYssRE6UQNxXa7OljRlsTRL8f67Ty 6W3fSV6YLcfMEn5/Z9M6/I9W+V9XiaLgVGht03x2GzyE7On0gk/cgapREotaYiDXTzW4njDQ 5pgi85vBOIKX4shmlJ7TNPWSDEAaZRkZGVHzyw+VY+0gdcI65NXofESOzIRdWAHLeOL2savo LCdNJcophzJG6gbpqF6AawdE6YfJf3lsV6Fgp7qUXt5sNWsWF9f3uQINBFawEqwBEAClJOj1 zOQTMRGzLK/08tEdwR4EwBDiWNci0JtjT59xtJdlGujuf/9wkt9hRIiALqt8U0vHwCzmxVTP Eueewv40WOraJzzDv6OBXJZMeF+IN1/CGrZcn8rLG9J1CyyVf+gCxUUXmpQDlE91iYMB4ifj dTTTizRnVYOQh54TV0yyiL2bn+ZdL8NYNpUbpoG2vppltt0NXv9ib9WPug9Q8Sx33CkkCj3F HJLHeHqo6AkFTpBdSn6/Ezs+ZHpuhNCHtrZyiJOi2YZ8EzpuxDwVjHLh8iXu0amlXSGP5wA7 MpNEtomhGw3bUr3aBcenfS4u/RE3V/y+vXae33LtVmaH7sli0SmrP8iUxkks2qjtS6W2a/qF xlHK/FXBChNIG0uRROvDlIudg6UHzQlK4mBdraGz4etfDpsNAX0x5ssxBTaFrJlZz935GPLR sg4o5f+FYcQrIZGisfCmiH8rdF1bkz450/OyfzS7lTCoxeizOnlamVwUCTfrWah/l8BXgP/i Y6KlbGpfr7aVYvA5e7fPe7uRqzPsxq7pL72r3p/TkNuPtJ7cbShN99p7v/v38STSJ4jbzy2W LMBFw5dJI73XtSGU2g/viZgVfl4Tro4XeYMF/FmRDiYcd+GpuDoB+g+NJYpGRGnr4+GgWl9U YCnN1TE9LSpvehvvKMvGqi0U1ENOUwARAQABiQRbBBgBCAAmAhsCFiEEF+RUVvQfrZIffcKz L2Pn/q2k8GMFAl4M41wFCQlApzACKcFdIAQZAQgABgUCVrASrAAKCRDBCAAOw+Eh5rtYD/wN eZOov+0rwhszfD+IY9fI4qFUjuiKWR06fJ60HV7cStkDW6WtrF+NkUAwH5G0yrA+izyI9wtR 4r5OW5ruPWTRbHxOmsLfRnqh4dKU6uCvtoL+LNzAMyPORiZkzomOaKAPdtiVgECVupLsApDl 4tI2hpMYKmeTVuessXa83oGOi8uQGK/M57Koz20KPfLltJBsCcOwofCUdbmaPOlN/DspOaIe LWzN7qb3pzAuUltBCvVI3VRgqvfh6JSiGyaSUfjghfbtz0uAlZ4wSfHX2+Iw+1/9mlElZjkC y6QgxCb1vMqGSw5u596aGVm7m2zVGLn4/xhpFNbxHUwWre/AAMtJR5ASK3cq2au1U2rOja3f rRfzMuBqTrQGb+OcCaesaOssd7t+RmDKfv0u40z6ls9Mzav+BCXzfOnb3HNAgJE5C/xApTsd xhn5BZoxHy8N2Pc0emWe6JI5UDPlKpuwH6JDKrLaoHhE7Gy2U6iinQcgI5IEEa8wmwoWfkjU 5phTbZVHJ+yTOeZWcbJtyFIX18fbzyrZWguo1EWHubv33KqbiJ6klpfg5chwKXWZIlLmbivp Dv0KRybk5GB+X83OpeAH9dKT3kvcu6midppjFzakSIiaoSJDS9jcqQYEiRG71lnD7QdCoqjb fHZh8HXGYSbenDzisWIRouGsimOyeSaX6QkQL2Pn/q2k8GMJbw//fuKz02SFeJBoJL0riuwa Rz7xhoCuJ6F5T9foj5DMs1Bi2aNxHM+y8s60MrP48HrTmzvoirSR5n7hZdESVoE8HXqKeXD6 EBZyEDWWnqYbMMhdYUS7xKiA8SHMhF8qnT2Yy8OLeuXQPmfJWZcGGivNbmjRoGTh1rbIZPL5 8y5F4uY7TsJwX0nW5mMIngdEmSqoXOINa3+DrjG5zcpoCqGDFGEZSw6B3ZokceOUmSXyO6lk d0tL5G3B0ipUh47RIa81wmJDXqoF0g5nVjO/2fB6wzw9uITHVaLJ6ayCcKWQkyFJABN4ZLaF udK5V4241JieYgmy5uzD5xfKwwqqmj/qbVP0Gmw1mujAnR4KBppdsfDKle4hp/NriVAngKDC UgZwXk75qwbGkS7luHCF1x7sIA1Z332sROCYzALuWi4NzmcCUkdjKoMxqbFabFDpswq8mELe o1aYsyrpkDLOai3/M8EHRFNwgkfyweU+Xe+4H2H/yXeLOa17ED2xNcDnK+SnvFq+Hvsuu9m6 FbwLaAyGKW3d/D4be49/7Cwyk4aHM+nB/ozAvfeLkxXdZYtIIf72UbAHc9oJMLOEY1UqkHJ7 +mOxez7UWqErXxbauX+bZ70u5ipOf5E3wxdo7+E1FRMXReUHCysV0qUqNK/wG/NDFNQxYRnF ubNo7v9TpsmWZ8i5Ag0EVrASywEQAMscigyDy6txQ/cUE8P+S9zMPNbsTSqa3iyj0SREswxm JsrUou+yOt/Y4UxGX+JLc/zjI1+frWE33CNmucYMtrZSrxgQDp+Wp8Ak7UNQlBtRIjdcPqmA EFzgG9OP7If7MJZMeWVd47ybIYUKohuTdFgwJSF80f+DGLLjIchyVZbvyZWSQKIAxfavmZr1 CNEVYXyrL752rLVB+KnQgJaFqHFPp6cO/Y20ViF9QsLRtlref1VrxtdPuILhEKMmmc+ZRsDh J0V8Mi5q8pWcYWrz+JiVRyA1ULAhg6C2ypj1cFNnQyN22XptXbz687bqZQxar5xyAAV4D6i/ 8q1kNgSsbDq+XkWuGjS9kmvLGM9kGARNhMFNguJSgSfqZExPAJhCZ4hVboTKFoRR10482rlO yj0Va0GbmpGqftjNodA4mjpBi52pNymUF+s6eTk13L9DOOJ8d0+2Qd6e4uTeNXJhNW6g2l7b 5dt/bbHMla7hgqRKUtTqQRR2JCpP3vF4sHWnXYdEcJSACarBcxbfdwZBnF9Nwv7GiNTEEg7O +8qwlj16LTB8oNWjOwAHiqg0xQlL8JTz2rkX0gUIW1Hy9A6b6UikViRbmpHXg0s7364Xtxji mkKD8DVnC5NJDiwZztqG2iW7kxJnfA+eAClKEh+niZo5NpjWNUfhjUXM5DNVHtchABEBAAGJ AjwEGAEIACYCGwwWIQQX5FRW9B+tkh99wrMvY+f+raTwYwUCXgzjXAUJCUCnEQAKCRAvY+f+ raTwY0TWEACnl4/g2QvX/bCMTSgAeeHaX3Fs2k0j+XoOe0uwyPRxWzwtvAbipW7fRXdAru1v 4qJkoGQrZpXSKDQL1Ij5x7XM/SB5FaXjMspXZwB0Vh1kuTsdbAXuJhC8kIOsVBrnBOUtbYnY tjJT7yvOy1w1N3PaE9+/oW5DbiODd5LC3ZSG7hzFgYAfg0lm9DX2imPs6wnroWT4AN+Evvjk FC39HMrgavEWjgG2s5VvR15NWtNf/+8BPtMtMACzCeDKMBC+zYsoe0nksCas+XzUihERW2a6 vjCkzb6jVs5+QwapnskrKNw9CG7QTEcPsNXH7w798Q0/hFkAy6c1goH+YBMEmy/TtlXq0lMv TNzvB70Gjot9vc6FdQEeQW4BeEJ4E0Ii/aKV8PITTe45mO0YFyQooW7go1cIkY9Ue7/3ggr6 FXGDjFqNeZaf0S6XficHXHsmKYnObOsuFUfVpBZbhtiahR99VHMbiV+UjdUY3X5+Td5p/VIA sFbHFW7M157wHDJQDKad1NrvWjq5if/cpiKC1VYGLP595jlZUu99JmtwqlEEru6gh0Z94Iv3 8kAcSCf4M9jwwoTXKcHYXHezaFgl8q4op2C0dLWoJihgjXLYHYiQPNiRtkHPOPocDJtu3T1U foURyeSY4YcBgderqZHZgygBpdU0Arc9C5wWy1t9WofUIg==
Message-ID: <91fec277-2063-c0f4-df4a-b710a7d318b2@dansarie.se>
Date: Thu, 19 Mar 2020 18:41:10 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
MIME-Version: 1.0
In-Reply-To: <158462341321.13445.5821064113812671218@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="eJwP5ZFDuDLtqMMLSTr7NmxJIYXfkZHdB"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/jQgoR_BCaGpybjxz4bB9g4dIjwc>
Subject: Re: [Ntp] Mirja Kühlewind's Discuss on draft-ietf-ntp-using-nts-for-ntp-24: (with DISCUSS and COMMENT)
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2020 17:41:26 -0000

Hi Mirja!

Thank you for your work in reviewing the draft. We have carefully gone
over all your comments and DISCUSS points. Each of them is addressed below.

Kind regards,
Marcus Dansarie

On 2020-03-19 14:10, Mirja Kühlewind via Datatracker wrote:
> Mirja Kühlewind has entered the following ballot position for
> draft-ietf-ntp-using-nts-for-ntp-24: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> Two rather small and hopefully quick-to-address points that I think must be
> clarified before publication of this spec:
> 
> 1) Sec 5.7: "In that
>    case, it MUST be able to detect and stop looping between the NTS-KE
>    and NTP servers by rate limiting the retries using e.g. exponential
>    retry intervals."
> Yes, rate limiting and exponential back-off is good here. However, you anyway
> need to define a maximum number of retries (to actually make it stop at some
> point) and further given some recommendation for an appropriate rate limit
> (e.g. initial retry after 3 seconds...?).

The exact values of this are implementation and application dependent.
What would be considered an acceptable value in one application may be
unacceptable in another. Furthermore, specifying good and safe values
for this would require operational experience that does not currently
exist and probably will not exist until NTS has been in use for a long time.

> 2) Sec 4.1.3: "      Error code 2 means "Internal Server Error".  The server
> MUST
>       respond with this error if it is unable to respond properly due to
>       an internal condition."
> At least for this error, I think you need to specify what the client should do
> on reception. Retry? Immediately? How often? Or wait for a while?

Same reply as above.

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> In addition to Ben's discuss point on ports which I would also like to see the
> answer to, one more question: My understanding is that the TCP port (123) for
> NTP is not used and will likely never be used in future. Why are you not using
> that port for NTS-KE, as NTS-KE is using TCP?

As Harlan's reply to this comment indicates, there is WG consensus that
NTS-KE should not use the TCP port reserved for NTP. It should also be
noted that NTS-KE is not a protocol exclusively meant for NTP.

> A couple more small questions:
> 1) Sec 4.1.3:
> "The Critical Bit MUST be set."
> If you set the Critical Bit for error records, that would only mean that a
> receiver could send another error in response to that error which again has the
> critical bit set which then could cause another error, and it would go on
> forever. Yes, this case should never happen as all its-ke implementations must
> support error records but maybe it's safer to just not set the critical bit?

An error record loop between client and server is impossible in NTS-KE
for two reasons: First, error records are only allowed to be sent from
server to client. Second, client and server only send a single request
or response per NTS-KE session, see the first paragraph of Section 4.

> 2) Sec 4.1.4: I don't really understand the idea of the Warning record. There
> are no code points defined and there is no explanation given what this could be
> used for. Especially what should a client do that received a warning? Why is
> the error record not sufficient?

According to Section 4.1.4, a client which receives a warning code it
does not recognize MUST treat it as an error. The warning record type is
envisaged for future applications and experimental use. By creating a
"Network Time Security Warning Codes" registry, adding warning codes as
needed in the future is significantly simplified.

> 3) Sec 4.1.5: "   If the NTS Next Protocol Negotiation record offers Protocol
> ID 0 (for
>    NTPv4), then this record MUST be included exactly once. "
> In this case, I guess the critical bit should/MUST be also set to 1?

The reason for why the AEAD Algorithm Negotiation critical bit MAY be
set, instead of SHOULD/MUST, is to ensure compatibility with future
protocols which use NTS-KE, but not the AEAD Algorithm Negotiation record.

As an example, consider a hypothetical future Hyper Rocket Toaster Time
Transfer Protocol (HRTTTP) which uses NTS-KE, but utilizes some
different (and currently undefined records). A client that performs a
handshake with an NTS-KE server which only supports HRTTTP may send
multiple protocol IDs in the NTS Next Protocol Negotiation record. If
the client, for example, sends protocol ID 0 (NTPv4) and the protocol ID
for HRTTTP, it must include the required other records for both
protocols. If the client sets the Critical Bit of the AEAD Algorithm
Negotiation record in this case, the server MUST respond with error code
0 and the negotiation will fail, even though it is semantically correct
and it would have been entirely possible for the server to successfully
respond with HRTTTP cookies.

> 4) Sec 5.7:
> "1280 octets is
>    the minimum prescribed MTU for IPv6 and is in practice also safe for
>    avoiding IPv4 fragmentation.  Nonetheless, senders SHOULD include
>    fewer cookies and placeholders than otherwise indicated if doing so
>    is necessary to prevent fragmentation."
> RFC8085 says "For IPv4, EMTU_S is the smaller of 576 bytes and the
>    first-hop MTU [RFC1122]."
> Maybe it would be appropriate to note that.

This issue was brought up by Suresh in his AD review. We then elected to
keep the current text as is, since it refers to the general case, rather
than the strict requirements of RFC 1122.

v2.23.0 | Report a Bug | By Email