On 2012-01-07 09:57, Brian Haberman wrote: > Fred, > > On 1/6/12 3:52 PM, Templin, Fred L wrote: >> Hi Brian, >> >>> -----Original Message----- >>> From: Brian E Carpenter [mailto:brian.e.carpen...@gmail.com] >>> Sent: Friday, January 06, 2012 12:27 PM >>> To: Templin, Fred L >>> Cc: Havard Eidnes; fg...@si6networks.com; ipv6@ietf.org >>> Subject: Re: Fragmentation-related security issues >>> >>> On 2012-01-07 06:07, Templin, Fred L wrote: >>>> >>>> >>>>> -----Original Message----- >>>>> From: Havard Eidnes [mailto:h...@uninett.no] >>>>> Sent: Friday, January 06, 2012 12:28 AM >>>>> To: Templin, Fred L >>>>> Cc: fg...@si6networks.com; brian.e.carpen...@gmail.com; >>> ipv6@ietf.org >>>>> Subject: Re: Fragmentation-related security issues >>>>> >>>>>>> The problem with RFC4821 (assumming the ICMP-free variant) is >>>>>>> that it has a longer convergnece time that ICMP-enabled PMTU. >>>>>> RFC4821 works even if there are no ICMPs, but will >>>>>> converge more quickly if there are ICMPs. That is why >>>>>> RFC4821 should be a SHOULD for hosts, and generation >>>>>> of ICMPs should be a MUST for routers. >>>>> Does not this also imply that ICMP-generating routers MUST use a >>>>> globally unique IPv6 address as the source of the ICMP? >>>> AFAICT, the normative reference is RFC4443, as cited >>>> in RFC6434. >>> As I think we noticed recently in some other thread, there is >>> therefore an operational requirement that all routers must >>> possess at least one GUA. As far as I know, some routers can work >>> just fine for all other purposes with only link-local addresses. >> So - can't the router just autoconfigure a ULA and use >> it as the SA for ICMPs? > > The ULA will have no meaning for ICMP messages that leave the > administrative domain.
That doesn't matter, to avoid the issue covered in the long thread "Routers forwarding packet with link local source" on v6ops last month. Brian C -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------