Hi, Vic, Thanks so much for your feedback! -- Please find my comments in-line...
On 09/11/2014 12:15 AM, Vic Liu wrote: > > I read the document and think it is important work. In particular, I > would be very glad to see this type of filtering implemented in CPE > devices. Are you aware if Linux implements this? Don't recall if I ever checked. But I will, and will come back to you. > Section 4 should clarify that this filtering must be performed on icmp > error messages. Document says 'SHOULD perform ingress filtering on the > Destination Address of the IP packet embedded in the ICMP payload', but > this does not apply to other icmp messages like icmp echo request and reply. You're right. We will update the text to: IP nodes enforcing IP ingress filtering SHOULD perform ingress filtering on the Destination Address of the IP packets embedded in the payload of ICMP error messages. Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
