> -----Original Message----- > From: Eric Vyncke (evyncke) [mailto:evyn...@cisco.com] > Sent: Tuesday, January 03, 2012 1:53 PM > To: Dan Wing (dwing) > Cc: ipv6@ietf.org > Subject: RE: Fragmentation-related security issues > > > -----Original Message----- > > From: ipv6-boun...@ietf.org [mailto:ipv6-boun...@ietf.org] On Behalf > Of Dan > > Wing (dwing) > > > So, I don't think we can just wish away packet-too-big < 1280. > > Rather than dropping those ICMP PTB, let's accept them but let the OS > decide which is the minimum size path MTU that it can > accept/tolerate... > - For a server, this min path MTU should be large (to avoid DoS) > - For a host, this min path MTU could be small > > Of course, if the path is symmetric, the path MTU will be the same on > both direction (assuming everything is well configured). > > OTOH, as written by Jared, let's fail it hard so it is noticeable by > the user is another technique... but with a dual-stack and happy eye- > ball, the end-user will notice nothing and will stay happy with IPv4.
Happy Eyeballs, is spec'd and as implemented by Chrome and Firefox, and I think also as implemented by Apple, will _not_ fail nicely on Path MTU Discovery problems. It will only fail nicely if connectivity fails (that is, unable to establish the TCP connection). -d -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
