[137520] in North American Network Operators' Group
Re: NIST and SP800-119
daemon@ATHENA.MIT.EDU (Mohacsi Janos)
Tue Feb 15 11:47:01 2011
Date: Tue, 15 Feb 2011 17:46:01 +0100 (CET)
From: Mohacsi Janos <mohacsi@niif.hu>
To: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <4969A10C-621E-4F28-85A3-B1FA3F974D60@cs.columbia.edu>
Cc: NANOG list <nanog@nanog.org>
On Tue, 15 Feb 2011, Steven Bellovin wrote:
>
> On Feb 15, 2011, at 10:36 54AM, William Herrin wrote:
>
>> On Tue, Feb 15, 2011 at 10:09 AM, Joe Abley <jabley@hopcount.ca> wrote:
>>> On 2011-02-14, at 21:41, William Herrin wrote:
>>>> On Mon, Feb 14, 2011 at 7:24 PM, TR Shaw <tshaw@oitc.com> wrote:
>>>>> Just wondering what this community thinks of NIST in
>>>>> general and their SP800-119 (
>>>>> http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf )
>>>>> writeup about IPv6 in particular.
>>>>
>>>> Well, according to this document IPv4 path MTU discovery is,
>>>> "optional, not widely used."
>>>
>>> Optional seems right. Have there been any recent studies on how widely pMTUd is actually used in v4?
>>
>> Hi Joe,
>>
>> Are you aware of a TCP implementation in an OS that shipped within the
>> last decade but doesn't enable IPv4 pMTUd by default? Each version of
>> Windows and all the major unixes use it on every TCP connection unless
>> you explicitly turn it off.
>>
> All modern TCPs support it; many firewalls are configured to block the necessary ICMPs.

Then the firewall operators are probably blackholing themselves....

Best Regards,
Janos Mohacsi
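
The point raised in the thread, that a firewall which drops the ICMP "fragmentation needed" message (type 3, code 4) blackholes path MTU discovery, can be checked against a ruleset. The following is an added example, not part of the original messages: a simplified first-match walk over `iptables-save` output. The sample rulesets, the function name `frag_needed_verdict`, and the modelling shortcuts noted in the comments are assumptions made for illustration.

```python
import re

# Constructed iptables-save ruleset (not from the thread): blanket ICMP drop.
BLOCKS_PMTUD = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -j DROP
COMMIT
"""
# Same ruleset with fragmentation-needed (type 3, code 4) allowed before the DROP.
ALLOWS_PMTUD = BLOCKS_PMTUD.replace(
    "-A INPUT -p icmp -j DROP",
    "-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT\n-A INPUT -p icmp -j DROP")

# --icmp-type values that cover type 3 code 4 (bare type 3 matches every code).
FRAG_NEEDED = {"3", "3/4", "destination-unreachable", "fragmentation-needed"}

def frag_needed_verdict(ruleset, chain="INPUT"):
    """Return 'ACCEPT' or 'DROP' for an inbound ICMP type 3 code 4 packet sent by
    an arbitrary on-path router in response to one of our TCP connections."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        head = re.match(r":(\S+) (\S+)", line)
        if head and head.group(1) == chain:
            policy = head.group(2)          # chain default policy
        if not line.startswith(f"-A {chain} "):
            continue
        tok = line.split()
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if opt.get("-j") not in ("ACCEPT", "DROP", "REJECT"):
            continue  # assumption: LOG and jumps to user chains are not modelled
        if "!" in tok or any(k in opt for k in ("-i", "-s", "-d")):
            continue  # assumption: negated or interface/address-scoped rules do not match
        if opt.get("-p", "icmp") not in ("icmp", "all"):
            continue
        state = opt.get("--ctstate") or opt.get("--state")
        if state and "RELATED" not in state.split(","):
            continue  # conntrack classifies ICMP errors as RELATED, not ESTABLISHED
        if opt.get("--icmp-type", "3/4") not in FRAG_NEEDED:
            continue
        return "ACCEPT" if opt["-j"] == "ACCEPT" else "DROP"
    return "ACCEPT" if policy == "ACCEPT" else "DROP"
```

A `DROP` verdict means large segments sent with DF set can vanish silently on a path with a smaller MTU, which is the blackhole described above.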