
Re: ICMP "Destination unreachable" - should it be sent?



Mike,

>Henry Spencer writes:
>  > On Wed, 27 Sep 2000, Stefan Schlott wrote:
>  > > ..."Destination Unreachable Message
>  > > Code 1 - communication with destination administratively prohibited"
>  > > Should this message be sent when a packet does not conform to the local
>  > > security policy database (spd), or should such packets be silently
>  > > discarded?
>  >
>  > The central question is whether the ICMP message is believable.
>  >
>  > If it will flow via an authenticated path (e.g. an IPsec tunnel) or via a
>  > physically-secure path (e.g. on the "interior" side of a security gateway,
>  > where plaintext communication is normal), then sending it is probably
>  > wise... although administrators might want to be able to control that.
>  >
>  > If it will flow via an insecure path, then what good is it?  The receiver
>  > can't trust it to tell the truth.  At most, it might give the receiver a
>  > hint that communications difficulties are occurring, but the receiver
>  > cannot trust that report without confirming it by other means.
>
>    This strikes me as completely backward: the sender should *always*
>    send it. It is the *receiver's* job to determine whether it is
>    believable. Having the sender second guess what the receiver
>    should and should not discard sounds like a great way to cause
>    an interoperability deadlock.

A receiving end system that has an IPsec SG somewhere in front of it
is not necessarily able to know whether the sender is a secure
source. I interpret Henry's advice in the context of that SG, and
there it seems appropriate.
Steve


