Re: WG last call for IPv4 AH and ESP


I substantively agree with your statement:

>  About the only exception is ICMP source quench, which I might respond
>  to by temporarily throttling a TCP window. This presents some
>  opportunities to degrade quality of network service, but nothing
>  really serious.

but there is one other example of an ICMP message from a router that might
degrade quality of network service, specifically, "packet too big". I talked
with Erik Nordmark here at Sun and we concluded that ICMP messages from
intermediate routers probably need not be authenticated, except when
degradation of service is a high priority of the network customers. Of course,
authentication of ICMP messages from first hop routers and destination
hosts is another issue.