Re: ICMP "Destination unreachable" - should it be sent?
Henry Spencer writes:
> On Wed, 27 Sep 2000, Stefan Schlott wrote:
> > ..."Destination Unreachable Message
> > Code 1 - communication with destination administratively prohibited"
> > Should this message be sent when a packet does not conform to the local
> > security policy database (spd), or should such packets be silently
> > discarded?
>
> The central question is whether the ICMP message is believable.
>
> If it will flow via an authenticated path (e.g. an IPsec tunnel) or via a
> physically-secure path (e.g. on the "interior" side of a security gateway,
> where plaintext communication is normal), then sending it is probably
> wise... although administrators might want to be able to control that.
>
> If it will flow via an insecure path, then what good is it? The receiver
> can't trust it to tell the truth. At most, it might give the receiver a
> hint that communications difficulties are occurring, but the receiver
> cannot trust that report without confirming it by other means.

This strikes me as completely backward: the sender should *always*
send it. It is the *receiver's* job to determine whether it is
believable. Having the sender second guess what the receiver
should and should not discard sounds like a great way to cause
an interoperability deadlock.

Mike