On 22/06/2013 07:53, Ronald Bonica wrote:
>> I don't 100% agree. In the case that PMTUD is broken, there'd be
>> nothing to stop a current DNSSEC implementation from always assuming a
>> default path MTU of 1280, without awaiting confirmation from PMTUD, and
>> fragmenting the UDP packet pre-emptively [assuming fragmentation was
>> not equally broken along the path as ICMP PTB was].
>>
>
> Do any implementations actually do this?
>
> If they do, how well are they working, today?

Does it matter? Since we know that fragmentation is broken on some paths due to broken firewalls, and that other paths have tunnels on them, and that MSS negotiation fails on some paths, today's sad reality is that the only safe link MTU for all times and places is 1280.

I'm not yet convinced that deprecating fragmentation is sufficient to fix this problem. In this case, not being sufficient might also mean not necessary, so I'd like to see much more thorough analysis across the IETF as a whole before reaching a conclusion.

(Thanks to the authors for coming out and saying it, though.)

Brian
