> > which in turn would prevent all communications. Also, as per RFC
> > 2401 we do not in general have the possibility to specify policies
> > for individual ICMP message types.
>
> This passed the IESG in RFC 2894 (so it must be true):
>
>
> Note that for the SPD to distinguish Router Renumbering from other
> ICMP packets requires the use of the ICMP Type field as a selector.
> This is consistent with, although not mentioned by, the Security
> Architecture specification [IPSEC].
>
> It's no contradiction with what you said, though.
It should also be said that many IPsec implementors recognize the need
to have special support for ICMP in IPsec policy; besides ICMP type,
there's also the matter of protecting ICMP errors using the "same"
policy as the traffic that generated them.
- Bill
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
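
Added example (not part of the original message and not taken from any IPsec implementation): a toy first-match SPD lookup showing the two points raised in this thread, ICMP type used as a selector and an ICMP error inheriting the policy of the traffic that triggered it. The Packet, Rule and lookup names, the rule set and the 2001:db8:: addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ICMPV6 = 58
TCP = 6
ROUTER_RENUMBERING = 138   # ICMPv6 type used by RFC 2894

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    icmp_type: Optional[int] = None
    inner: Optional["Packet"] = None   # offending packet quoted in an ICMP error

@dataclass(frozen=True)
class Rule:
    src: str                    # source prefix
    dst: str                    # destination prefix
    proto: Optional[int]        # None matches any protocol
    icmp_type: Optional[int]    # None matches any ICMP type
    action: str                 # "PROTECT", "BYPASS" or "DISCARD"

# Constructed sample SPD (documentation prefixes); first matching rule wins.
SPD = [
    Rule("::/0", "::/0", ICMPV6, ROUTER_RENUMBERING, "PROTECT"),
    Rule("2001:db8:1::/48", "2001:db8:2::/48", TCP, None, "PROTECT"),
    Rule("2001:db8:2::/48", "2001:db8:1::/48", TCP, None, "PROTECT"),
    Rule("::/0", "::/0", ICMPV6, None, "BYPASS"),
]

def matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in (None, pkt.proto)
            and rule.icmp_type in (None, pkt.icmp_type))

def lookup(spd: list, pkt: Packet) -> str:
    """Return the action for an outbound packet; no match means DISCARD."""
    # ICMPv6 types 0-127 are error messages. An error travels back toward the
    # sender of the offending packet, so reverse that packet's addresses and
    # reuse the policy of the flow it belongs to.
    is_icmp = pkt.proto == ICMPV6 and pkt.icmp_type is not None
    if is_icmp and pkt.icmp_type < 128 and pkt.inner is not None:
        flow = Packet(pkt.inner.dst, pkt.inner.src, pkt.inner.proto,
                      pkt.inner.icmp_type)
        return lookup(spd, flow)
    return next((r.action for r in spd if matches(r, pkt)), "DISCARD")
```

Without the quoted inner packet, the same Destination Unreachable message falls through to the generic ICMPv6 rule and is bypassed rather than protected like the TCP flow it reports on.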