Path MTU discovery in the presence of security gateways
draft-richardson-ipsec-pmtu-discov-02

Document Type Expired Internet-Draft (individual)
Last updated 1998-09-04
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-richardson-ipsec-pmtu-discov-02.txt

Abstract

This document describes the problem of getting accurate Path MTU infor- mation in the presence of untrusted routers. Typical Path MTU discovery is done by sending packets with the don't fragment bit set, and listen- ing for ICMP messages from routers that want to fragment the packets. Unfortunately, these messages could be forged, and IPsec based security system(s) can not pass make direct use of these messages. An alternate, backwards compatible algorithm is suggested.

Authors

Michael Richardson (mcr@sandelman.ottawa.on.ca)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)