Re: [tcpm] comments on draft-ietf-tcpm-icmp-attacks-05

Fernando Gont <> Sun, 14 June 2009 00:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 425923A6800 for <>; Sat, 13 Jun 2009 17:32:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6Vu0Ie04H5Io for <>; Sat, 13 Jun 2009 17:32:40 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 3C6B83A6904 for <>; Sat, 13 Jun 2009 17:32:40 -0700 (PDT)
Received: by qyk31 with SMTP id 31so101635qyk.29 for <>; Sat, 13 Jun 2009 17:32:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=SvyLD8EmofJSA/YZufGEqkGzgplnO/5R6n680OODM6o=; b=oP9fYRqEaPVg29WrAcVxO/p0iV7l96v/dKtAOTlYwnA2BTLPjNVb23hPhAkhEYKxKJ mH1EXKHqq6b8oIXWy87yw9NFEzxMqa3JXSX5+w5p30TgueJDgQACI6Uu3WtRfCeS/oXc M0Ftwkicp75+x2oICGkIudtxp8t4UsSLphdFg=
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=E+mFzlJpe/FzsroEJxoNI2gER/jUr6nIJfKzddBLx3MK3/izAilE3fV6C/bwg3lJYx Cjn0SQ4akZh56xikF+Mxt0q3NWuh+OSuwBdIAy//jUC2T+2Ch7EEMfSZVyhGhGQDuSF4 DDgtl00nRf77amEKKabCQZoPHCJxdtG5b50u4=
Received: by with SMTP id q2mr5859508qah.135.1244939566149; Sat, 13 Jun 2009 17:32:46 -0700 (PDT)
Received: from ? ( []) by with ESMTPS id 7sm1579315qwf.19.2009. (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 13 Jun 2009 17:32:45 -0700 (PDT)
Sender: Fernando Gont <>
Message-ID: <>
Date: Sat, 13 Jun 2009 21:32:40 -0300
From: Fernando Gont <>
User-Agent: Thunderbird (Windows/20090302)
MIME-Version: 1.0
To: "Eddy, Wesley M. (GRC-MS00)[Verizon]" <>
References: <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 0.95.7
OpenPGP: id=D076FFF1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "" <>, Fernando Gont <>
Subject: Re: [tcpm] comments on draft-ietf-tcpm-icmp-attacks-05
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 14 Jun 2009 00:32:41 -0000

Eddy, Wesley M. (GRC-MS00)[Verizon] wrote:

>>> For
>>> instance, I'm not certain that setting the DF bit is
>>> only possible for hosts that support PMTUD ... is there
>>> a reference for that?
>> What's the reason for setting the DF flag for IP packets carrying TCP
>> segments if you don't implement PMTUD?
> I know of a number of embedded OS kernels and real-time systems
> that either don't implement IP reassembly or disable it.  Some
> of the stacks geared towards real-time will also set DF on the
> packets that they send as the frag/reassembly is presumed to be
> an impediment to guaranteeing their delay bounds.

What do these systems do when they receive a "frag needed" ICMP error
message? If they adapt the segment size, they implement some form of PMTUD.
If frag was needed (As indicated in the ICMP error message), and they
keep sending at the same segment size, the connection would time-out
(not good). If they don't do any of these, and follow RFC1122 instead,
they should reset the connection (not good, either).

>> The appendix was at some point part of the main text. I moved the text
>> into an appendix probably on request of somebody, but not because I
>> thought the text should be there. So I have no problem moving the
>> entirre appendix (or part of it) back into the main part of the
>> document.
> Oh, I didn't realize we'd already juggled it around :).
> It makes sense to me to analyze the different message
> types this way as motivation for the recommendations on
> how to treat them, which is why I expected it to be in
> the body, but if there was already consensus to have it
> as an appendix, then that's fine too.

No, I don't think there was consensus to move that stuff to an appendix.
It was probably the result of me honoring a suggestion I had received
from some folk.

Fernando Gont
e-mail: ||
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1