In message <Roam.SIMC.2.0.6.961133446.24680.nordmark@jurassic>, Erik Nordmark writes:
>
>> At the point in time at which one looks at a Next Header field and
>> determines that its value is unknown, that field is at some known offset
>> from the packet start (known to the node doing the inspection, that is).
>> The packet (or as much of it as will fit) will be sent back to the source
>> in the ICMP error message, and the offset will point to the troublesome
>> Next Header field in that returned packet.
>
>Sorry for my confusion.
>
>I don't know what the security crowd thinks about decrypting a packet
>and then including at least part of that packet in an ICMP error
>that might be sent in the clear. But that is a different issue.
>

The security folks *really* don't like that sort of thing...  If it's 
sent encrypted, any replies containing it MUST be encrypted.

                --Steve Bellovin


--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
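
Added example, not part of the original thread or of any implementation discussed on the list: a sketch of the ICMPv6 Parameter Problem error described above, with the pointer set to the offending Next Header field, and a gate that refuses to quote a packet that arrived encrypted unless the reply will also be encrypted. The function names, the arrived_encrypted and reply_sa flags, the sets of known header types and the choice to suppress the error when no protected reply path exists are all assumptions made for illustration.

```python
import struct
from typing import Optional, Tuple

IPV6_HDR_LEN = 40
MIN_MTU = 1280             # an ICMPv6 error must fit in the minimum IPv6 MTU
EXT_HEADERS = {0, 43, 60}  # assumption: node parses hop-by-hop, routing, dest. options
KNOWN_UPPER = {6, 17, 58}  # assumption: node accepts TCP, UDP, ICMPv6

def unknown_next_header_offset(pkt: bytes) -> Optional[int]:
    """Offset of the Next Header field whose value this node does not know."""
    field_off, hdr_off = 6, IPV6_HDR_LEN        # base header keeps it at byte 6
    while field_off < len(pkt):
        nh = pkt[field_off]
        if nh in KNOWN_UPPER:
            return None
        if nh not in EXT_HEADERS:
            return field_off
        if hdr_off + 2 > len(pkt):
            return None                         # chain cut short, nothing to point at
        field_off = hdr_off                     # first byte of an extension header
        hdr_off += (pkt[hdr_off + 1] + 1) * 8   # Hdr Ext Len: 8-octet units past the first
    return None

def param_problem(pkt: bytes, pointer: int) -> bytes:
    """ICMPv6 Parameter Problem (type 4, code 1); the checksum is left 0 here
    because it covers a pseudo-header built from the reply's addresses."""
    quoted = pkt[:MIN_MTU - IPV6_HDR_LEN - 8]   # as much of the packet as will fit
    return struct.pack("!BBHI", 4, 1, 0, pointer) + quoted

def error_for(pkt: bytes, arrived_encrypted: bool,
              reply_sa: bool) -> Optional[Tuple[bytes, bool]]:
    """Return (icmp_message, must_encrypt), or None when nothing may be sent."""
    off = unknown_next_header_offset(pkt)
    if off is None:
        return None
    if arrived_encrypted and not reply_sa:
        return None   # assumed policy: suppress rather than quote plaintext in the clear
    return param_problem(pkt, off), arrived_encrypted

# Constructed sample: base header -> destination options -> unknown type 253.
SAMPLE = (struct.pack("!IHBB", 0x60000000, 22, 60, 64) + bytes(32)
          + bytes([253, 0, 1, 4, 0, 0, 0, 0]) + b"secret-payload")

if __name__ == "__main__":
    for enc, sa in ((False, False), (True, True), (True, False)):
        result = error_for(SAMPLE, enc, sa)
        print(enc, sa, result and (result[0][:8].hex(), result[1]))
```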
