Re: A fun smackdown...

["Steven M. Bellovin" <smb () cs columbia edu>]

In message <6.2.0.14.2.20050520220022.0712ea20 () mail ranum com>, "Marcus J. Ranu
m" writes:
> > > How about excessive ICMP filtering breaking path MTU discovery?
>
> Another perfect example of a bunch of egg-heads in the IETF
> coming up with a mechanism for doing something that
> completely ignored existing implementations of security
> systems - and breaks as a result. The PMTU discovery
> mechanism, using ICMP, was moronic design from the get-go.

Path MTU was standardized in RFC 1191, from November 1990.  Virtually no 
one had firewalls back then.  It didn't "ignore existing 
implementations of security systems" because there were almost none.

                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards