Hi, > -----Original Message----- > From: Brian Haberman [mailto:[email protected]] > Sent: Wednesday, May 20, 2015 7:58 AM > To: Ronald Bonica; Templin, Fred L; Suresh Krishnan; Carlos Pignataro > (cpignata) > Cc: Kathleen Moriarty; [email protected]; > [email protected]; [email protected]; draft-ietf- > [email protected]; The IESG; [email protected] > Subject: Re: Kathleen Moriarty's Discuss on draft-ietf-intarea-gre-mtu-04: > (with DISCUSS) > > Hi Ron, > > On 5/20/15 10:52 AM, Ronald Bonica wrote: > > Fred, > > > > Are we all talking about the same draft? The paragraph that you quote > > is not in Section 3.2 of draft-ietf-intarea-gre-mtu-04. > > No, he is referencing a completely different draft... > > https://tools.ietf.org/html/draft-ietf-intarea-gre-ipv6-07#section-3.2
Yes, the comments on MTU probing were intended for the GRE IPv6 draft; was out of the office for several days and away from email, so lost context and got off track. Sorry. However, in *this* draft I suggest adding the following trailing sentence to the final paragraph of the Security Considerations section: "These attacks can be mitigated when the ingress and egress are within the same well-managed administrative domain, where ingress filtering is employed to prevent source address spoofing." Thanks - Fred [email protected] > Regards, > Brian > > > > > Ron > > > > > >> > >> That would be an informational; this document is being offered as > >> standards- track. In Section 3.2, it says: > >> > >> "Before activating a GRE tunnel and periodically thereafter, the > >> GRE ingress node MUST execute procedures that verify the tunnel's > >> ability to carry a 1280-byte IPv6 payload packet from ingress to > >> egress, without fragmenting the payload. Having executed those > >> procedures, the GRE ingress node MUST activate or deactivate the > >> tunnel accordingly." > >> _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
