Hi Brian,

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Brian Haberman
> Sent: Friday, January 06, 2012 12:58 PM
> To: [email protected]
> Subject: Re: Fragmentation-related security issues
>
> Fred,
>
> On 1/6/12 3:52 PM, Templin, Fred L wrote:
> > Hi Brian,
> >
> >> -----Original Message-----
> >> From: Brian E Carpenter [mailto:[email protected]]
> >> Sent: Friday, January 06, 2012 12:27 PM
> >> To: Templin, Fred L
> >> Cc: Havard Eidnes; [email protected]; [email protected]
> >> Subject: Re: Fragmentation-related security issues
> >>
> >> On 2012-01-07 06:07, Templin, Fred L wrote:
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: Havard Eidnes [mailto:[email protected]]
> >>>> Sent: Friday, January 06, 2012 12:28 AM
> >>>> To: Templin, Fred L
> >>>> Cc: [email protected]; [email protected]; [email protected]
> >>>> Subject: Re: Fragmentation-related security issues
> >>>>
> >>>>>> The problem with RFC4821 (assuming the ICMP-free variant) is
> >>>>>> that it has a longer convergence time than ICMP-enabled PMTU.
> >>>>> RFC4821 works even if there are no ICMPs, but will
> >>>>> converge more quickly if there are ICMPs. That is why
> >>>>> RFC4821 should be a SHOULD for hosts, and generation
> >>>>> of ICMPs should be a MUST for routers.
> >>>> Does not this also imply that ICMP-generating routers MUST use a
> >>>> globally unique IPv6 address as the source of the ICMP?
> >>>
> >>> AFAICT, the normative reference is RFC4443, as cited
> >>> in RFC6434.
> >>
> >> As I think we noticed recently in some other thread, there is
> >> therefore an operational requirement that all routers must
> >> possess at least one GUA. As far as I know, some routers can work
> >> just fine for all other purposes with only link-local addresses.
> >
> > So - can't the router just autoconfigure a ULA and use
> > it as the SA for ICMPs?
>
> The ULA will have no meaning for ICMP messages that leave the
> administrative domain.

I don't think it needs to have meaning - unless there were
some application that wanted to try to geo-locate the router
based on the IP address? The ULA would only be there to
placate the routing system, which cannot forward packets
with LL source addresses.

In general, though, AFAICT the source address of an ICMP
error message such as PTB coming from the network is of
little value to the node in deciding whether to accept it.

Thanks - Fred

> Regards,
> Brian
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> [email protected]
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
