Re: [tcpm] comments on draft-ietf-tcpm-icmp-attacks-05

Fernando Gont <> Thu, 11 June 2009 08:30 UTC

Date: Thu, 11 Jun 2009 05:30:11 -0300
From: Fernando Gont <>
To: "Eddy, Wesley M. (GRC-MS00)[Verizon]" <>

Hello, Wes,

Comments in-line....

> As both a WG-participant and co-chair, I think that the
> Appendix A explanations of which ICMPs need to be paid
> attention to because some of them say things that I'm
> not sure are totally supported by prior RFCs.  

Any specific issues?

> For
> instance, I'm not certain that setting the DF bit is
> only possible for hosts that support PMTUD ... is there
> a reference for that?  

What's the reason for setting the DF flag for IP packets carrying TCP
segments if you don't implement PMTUD?

Actually, if you don't implement PMTUD, "frag needed" becomes a hard
error. So setting the DF flag would be sort of dumb, as in the event one
of your segments needs to be fragmented, you'd receive an ICMP "frag
needed" message, which would reset your connection.

> Further, it discusses ambiguity
> in 1122, that we should be clarifying in the main text
> rather than an appendix, I think ... what does the rest
> of the WG think?

The appendix was at some point part of the main text. I moved the text
into an appendix probably on request of somebody, but not because I
thought the text should be there. So I have no problem moving the
entire appendix (or part of it) back into the main part of the document.


Kind regards,
Fernando Gont
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1