Path MTU discovery in the presence of security gateways
draft-richardson-ipsec-pmtu-discov-02
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Author | Michael Richardson | ||
Last updated | 1998-09-04 | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document describes the problem of getting accurate Path MTU infor- mation in the presence of untrusted routers. Typical Path MTU discovery is done by sending packets with the don't fragment bit set, and listen- ing for ICMP messages from routers that want to fragment the packets. Unfortunately, these messages could be forged, and IPsec based security system(s) can not pass make direct use of these messages. An alternate, backwards compatible algorithm is suggested.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)