Hi, Gorry, On 01/16/2012 05:15 AM, go...@erg.abdn.ac.uk wrote: > I'm OK with removing the requirement (MUST), but I think the > recommendation is not entirely bad to discard fragments that may follow - > albeit for a limited time and subject to finding a way to implement.
It's not that it's "bad". It's that if it is assumed that overlapping fragment are malicious traffic (i.e., it cannot originate from legitimate sources), then there's not much motivoation to do more work (e.g., first prun the fragments, then the "state") or tie system resources (such as those needed to keep state for "future fragments" of that packet). Thanks, -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------