On 08/19/2014 01:48 PM, Jeroen Massar wrote: >> Should we include something alng this lines to the countermeasures >> listed in draft-gont-v6ops-ipv6-ehs-in-real-world, or were you thinking >> about something else? > > While it kind-of has a place there, (ipv6-ehs-in-real-world) is a > "current state of the Internet" regarding this problem, it thus > introduces the problem. > > Hence, a short, separate document which updates ICMPv4 + ICMPv6 > referencing that draft would be more appropriate IMHO.
Ok, makes sense. >>> Hence, why it is a good idea to do the same checks for IPv4 too >>> and why I avoid mentioning what kind of attack it was solving. >>> It is just good hygiene to check validity of things. >> >> FWIW, I had posted this thingy a while ago: >> <http://www.gont.com.ar/papers/filtering-of-icmp-error-messages.pdf> >> -- essentially BCP38 on the ICMPv4 payload.. > > aka RFC 5927, though only informational even though it went through WG > review it seems. It took 7 years to publish... and not because of slacking. It was insane. :-) Cheers, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
