[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: WG last call for IPv4 AH and ESP
Phil,
I substantively agree with your statement :
> About the only exception is ICMP source quench, which I might respond
> to by temporarily throttling a TCP window. This presents some
> opportunities to degrade quality of network service, but nothing
> really serious.
but there is one other example of an ICMP message from a router that might
degrade quality of network service, specifically, "packet too big". I talked
with Erik Nordmark here at Sun and we concluded that ICMP messages from
intermediate routers probably need not be authenticated, except when
degradation of service is a high priority of the network customers. Of course,
authentication of ICMP messages from first hop routers and destination
hosts is another issue.
Dan