Hi Suresh, > -----Original Message----- > From: Suresh Krishnan [mailto:[email protected]] > Sent: Wednesday, May 20, 2015 8:46 AM > To: Templin, Fred L > Cc: [email protected]; [email protected]; Brian Haberman; > The IESG > Subject: Re: Kathleen Moriarty's Discuss on draft-ietf-intarea-gre-mtu-04: > (with DISCUSS) > > Hi Fred, > > <Trimmed excessive recipient list that keeps tripping the moderation filter> > > On 05/20/2015 11:13 AM, Templin, Fred L wrote: > > Hi, > > > >> -----Original Message----- > >> From: Brian Haberman [mailto:[email protected]] > >> Sent: Wednesday, May 20, 2015 7:58 AM > >> To: Ronald Bonica; Templin, Fred L; Suresh Krishnan; Carlos Pignataro > >> (cpignata) > >> Cc: Kathleen Moriarty; [email protected]; > >> [email protected]; [email protected]; draft-ietf- > >> [email protected]; The IESG; [email protected] > >> Subject: Re: Kathleen Moriarty's Discuss on draft-ietf-intarea-gre-mtu-04: > >> (with DISCUSS) > >> > >> Hi Ron, > >> > >> On 5/20/15 10:52 AM, Ronald Bonica wrote: > >>> Fred, > >>> > >>> Are we all talking about the same draft? The paragraph that you quote > >>> is not in Section 3.2 of draft-ietf-intarea-gre-mtu-04. > >> > >> No, he is referencing a completely different draft... > >> > >> https://tools.ietf.org/html/draft-ietf-intarea-gre-ipv6-07#section-3.2 > > > > Yes, the comments on MTU probing were intended for the GRE IPv6 draft; was > > out of the office for several days and away from email, so lost context and > > got > > off track. Sorry. > > No problem. It happens to the best of us.
Many thanks for extending the grace. > > However, in *this* draft I suggest adding the following trailing sentence > > to the > > final paragraph of the Security Considerations section: > > > > "These attacks can be mitigated when the ingress and egress are within > > the > > same well-managed administrative domain, where ingress filtering is > > employed > > to prevent source address spoofing." > > The draft has already been approved by the IESG. There needs to be a > high bar to add such text into the draft at this point. If the IESG > feels strongly about adding such text we can call for WG consensus to do so. It has only just recently occurred to me that standard PMTUD provides the best tunnel MTU determination mechanism *in environments where it is reliable and trustworthy*. Which is to say, a "well-managed administrative domain, where ingress filtering is employed to prevent source address spoofing.". Having gotten off track, I am not going to push hard for this but it is offered as something the IESG may wish to consider. Thanks - Fred [email protected] > Thanks > Suresh _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
