Re: I-D.ietf-v6ops-cpe-simple-security-09 - ICMP Error Messages

james woodyatt <jhw@apple.com> Thu, 11 March 2010 20:34 UTC

Subject: Re: I-D.ietf-v6ops-cpe-simple-security-09 - ICMP Error Messages
From: james woodyatt <jhw@apple.com>
Date: Thu, 11 Mar 2010 12:17:25 -0800
Cc: IPv6 Operations <v6ops@ops.ietf.org>
To: Rémi Després <remi.despres@free.fr>

On Mar 8, 2010, at 00:22, Rémi Després wrote:
> 
> In the draft, the only REC-n concerning ICMP is so far:
> "REC-16: If a gateway forwards a UDP exchange, it MUST also forward ICMP Destination Unreachable messages containing UDP headers that match the exchange state record."
> 
> In my understanding, what is needed is, for each of the transport protocols:
> "REC-n: If a gateway forwards a NNN exchange, it MUST also forward, in both directions, ICMP Error messages containing UDP headers that match the exchange state record."

Please also see REC-29, REC-34 and REC-38.

> - Forwarded error messages must be also for TCP, DCCP, etc., and must be more general than just Destination Unreachable: they must include in particular Packet Too Big notifications which are essential for IPv6 path-MTU discovery.

Agreed, but I'm now inclined to remove all four of those recommendations and insert an explicit recommendation into the "Stateless Filters" section that cites RFC 4890 and specifically references section 4.3.1 "Traffic That Must Not Be Dropped".

Does anyone object to that revision?


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering
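As an added illustration of the stateful check REC-16 describes, extended the way the thread proposes to every ICMPv6 error type and to TCP, UDP and DCCP in both directions, here is a small Python model; it is not code from the draft or from either poster, and the addresses, ports and exchange-state table are constructed samples.

```python
import struct
from ipaddress import IPv6Address

# ICMPv6 error types (RFC 4443) that embed the invoking packet's headers.
ICMPV6_ERROR_TYPES = {1: "Destination Unreachable", 2: "Packet Too Big",
                      3: "Time Exceeded", 4: "Parameter Problem"}
TRANSPORTS = {6: "TCP", 17: "UDP", 33: "DCCP"}  # protocols with exchange state

def parse_icmpv6_error(msg):
    """Return (icmp_type, (proto, src, sport, dst, dport)) for an ICMPv6
    error message, or None for informational, truncated or non-transport
    embedded packets. Extension headers are deliberately not walked here."""
    if len(msg) < 8 + 40 + 4 or msg[0] not in ICMPV6_ERROR_TYPES:
        return None
    inner = msg[8:]                      # the invoking IPv6 packet
    proto = inner[6]                     # Next Header of the fixed header
    if proto not in TRANSPORTS:
        return None
    src, dst = IPv6Address(inner[8:24]), IPv6Address(inner[24:40])
    sport, dport = struct.unpack("!HH", inner[40:44])  # same offsets for TCP/UDP/DCCP
    return msg[0], (proto, src, sport, dst, dport)

def matches_exchange(state, msg):
    """True if the embedded packet belongs to a forwarded exchange in either
    direction; this is REC-16 generalised to all error types and transports."""
    parsed = parse_icmpv6_error(msg)
    if parsed is None:
        return False
    _, (proto, src, sport, dst, dport) = parsed
    return ((proto, src, sport, dst, dport) in state
            or (proto, dst, dport, src, sport) in state)

def build_icmpv6_error(icmp_type, proto, src, dst, sport, dport, mtu=1280):
    """Constructed sample: ICMPv6 error (checksum left zero) carrying an IPv6
    fixed header plus the first 8 bytes of the transport header."""
    inner = (struct.pack("!IHBB", 0x60000000, 8, proto, 64)
             + IPv6Address(src).packed + IPv6Address(dst).packed
             + struct.pack("!HH", sport, dport) + b"\x00" * 4)
    return struct.pack("!BBHI", icmp_type, 0, 0, mtu) + inner

# Constructed state: an interior host's DNS query forwarded by the CPE.
SAMPLE_STATE = {(17, IPv6Address("2001:db8::1"), 1234,
                 IPv6Address("2001:db8::2"), 53)}
# Packet Too Big from the path, quoting the interior host's own datagram.
PTB_FORWARD = build_icmpv6_error(2, 17, "2001:db8::1", "2001:db8::2", 1234, 53)
# Destination Unreachable quoting the reply (reverse direction of the state).
UNREACH_REVERSE = build_icmpv6_error(1, 17, "2001:db8::2", "2001:db8::1", 53, 1234)
# Same hosts, but a port the CPE has no state for: must be dropped.
UNREACH_UNRELATED = build_icmpv6_error(1, 17, "2001:db8::1", "2001:db8::2", 1234, 80)
```

Dropping the Packet Too Big case here is exactly what breaks path-MTU discovery for the interior host, which is why the thread wants the error types generalised rather than limited to Destination Unreachable.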