At 03:13 27/02/2005 -0600, [EMAIL PROTECTED] wrote:
> By the way, one additional ICMP attack that could possibly be included
> in 5.2:
>
> 6. As the ICMP messages are passed to the upper-layer processes, it
> is possible to perform attacks on the upper layer protocols (e.g.,
On Sun, 27 Feb 2005 [EMAIL PROTECTED] wrote:
Some informal text, helping the ICMPv6 implementers to understand the
IPsec processing issues, should be still OK.
I agree. The knob of whether unauthenticated ICMP packets
should be accepted or dropped also falls under IPsec module
while implementing.
Pekka,
Comments inline..
> (Btw, maybe we could add "This document Updates RFC 2780." in the
> Introduction, satisfying that particular comment of Allison's.)
Another thread going on about this. Please see my
mail and respond to my comments :)
> Now that there is a document which describes how t
Hi,
(Btw, maybe we could add "This document Updates RFC 2780." in the
Introduction, satisfying that particular comment of Allison's.)
On Sun, 27 Feb 2005 [EMAIL PROTECTED] wrote:
Did you mean that the new ICMP RFC requires a configuration
knob to be able to configure this behaviour (this is how
I re
Pekka,
Comments inline..
> Actually, 2401bis has not been approved yet; it is past the first
> round of IESG evaluation, but there are still substantial IESG issues
> to iron out. It'll take a while.
>
> But even beyond that, 2401bis would be first going to Proposed
> Standard (and maybe rec
On Thu, 24 Feb 2005 [EMAIL PROTECTED] wrote:
I looked at ESP and AH old and bis RFCs. The section on
how to handle ICMP packets is not part of those RFCs. The
section "ICMP Processing" was actually part of 2401 and
now 2401bis. So I guess, we need to modify the text in
ICMP RFC and add 2401bis t
Hi All,
Allison had the following comment to the ICMPv6 draft as
part of the IESG review:
> 1. IPSec processing considerations about ICMP are enough
> different in the bis ESP and AH specs that I think this
> document should update to require these (just approved).
I looked at ESP and AH