Broken and misconfigured network elements will always exist. We needn't create solutions for everyone's problems that should be addressed otherwise.
Jared Mauch On Jan 3, 2012, at 8:23 PM, "Dan Wing" <[email protected]> wrote: >> -----Original Message----- >> From: Eric Vyncke (evyncke) [mailto:[email protected]] >> Sent: Tuesday, January 03, 2012 1:53 PM >> To: Dan Wing (dwing) >> Cc: [email protected] >> Subject: RE: Fragmentation-related security issues >> >>> -----Original Message----- >>> From: [email protected] [mailto:[email protected]] On Behalf >> Of Dan >>> Wing (dwing) >> >>> So, I don't think we can just wish away packet-too-big < 1280. >> >> Rather than dropping those ICMP PTB, let's accept them but let the OS >> decide which is the minimum size path MTU that it can >> accept/tolerate... >> - For a server, this min path MTU should be large (to avoid DoS) >> - For a host, this min path MTU could be small >> >> Of course, if the path is symmetric, the path MTU will be the same on >> both direction (assuming everything is well configured). >> >> OTOH, as written by Jared, let's fail it hard so it is noticeable by >> the user is another technique... but with a dual-stack and happy eye- >> ball, the end-user will notice nothing and will stay happy with IPv4. > > Happy Eyeballs, is spec'd and as implemented by Chrome and Firefox, > and I think also as implemented by Apple, will _not_ fail nicely > on Path MTU Discovery problems. It will only fail nicely if > connectivity fails (that is, unable to establish the TCP > connection). > > -d > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [email protected] > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
