idnits 2.17.1

draft-ietf-ipsec-icmp-handle-v4-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in
     this document.
     Expected boilerplate is as follows today (2024-04-25) according to
     https://trustee.ietf.org/license-info :

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.a:

        This Internet-Draft is submitted in full conformance with the
        provisions of BCP 78 and BCP 79.

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2:

        Copyright (c) 2024 IETF Trust and the persons identified as the
        document authors. All rights reserved.

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3:

        This document is subject to BCP 78 and the IETF Trust's Legal
        Provisions Relating to IETF Documents
        (https://trustee.ietf.org/license-info) in effect on the date of
        publication of this document. Please review these documents
        carefully, as they describe your rights and restrictions with respect
        to this document. Code Components extracted from this document must
        include Simplified BSD License text as described in Section 4.e of
        the Trust Legal Provisions and are provided without warranty as
        described in the Simplified BSD License.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing expiration date. The document expiration date should appear on
     the first and last page.

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents.

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts.

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 1
     longer page, the longest (page 4) being 176 lines

  == It seems as if not all pages are separated by form feeds - found 13 form
     feeds but 16 pages

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 31: '...Y be forwarded, and MUST be forwarded....'

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to
     grant the BCP78 rights to the IETF Trust, then this is fine, and you can
     ignore this comment. If not, you may need to add the pre-RFC5378
     disclaimer. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (September 1998) is 9354 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

     No issues found here.

     Summary: 8 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).
     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group      Michael Richardson mcr@sandelman.ottawa.on.ca
INTERNET-DRAFT             Sandelman Software Works
v1.0, September 1998
Expires in six months

          IPv4 ICMP messages and IPsec security gateways

Status of This memo

This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''

To learn the current status of any Internet-Draft, please check
the ``1id-abstracts.txt'' listing contained in the Internet-Drafts
Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast),
or ftp.isi.edu (US West Coast).

Abstract

This document enumerates the list of ICMP messages that a security
gateway may receive and provides an analysis of whether and how a
gateway should handle them. Three types of behaviour are enumerated:
discard, MAY be forwarded, and MUST be forwarded.

Table of Contents

1. Introduction to the problem
2. ICMP Messages
    2.1.1. All types
      2.1.1.2. Black
      2.1.1.3. Tunnel
  2.2. Destination Unreachable
    2.2.1. Host Unreachable
      2.2.1.1. Red
      2.2.1.2. Black
      2.2.1.3. Tunnel
    2.2.2. Comm. w/Dest. Host is Administratively Prohibited
      2.2.2.1. Red
      2.2.2.2. Black
      2.2.2.3. Tunnel
    2.2.3. Destination Host Unreachable for Type of Service
      2.2.3.2. Black
      2.2.3.3. Tunnel
    2.2.4. Communication Administratively Prohibited
      2.2.4.1. Red
      2.2.4.2. Black
      2.2.4.3. Tunnel
    2.2.5. Precedence cutoff in effect
      2.2.5.1. Red
      2.2.5.2. Black
      2.2.5.3. Tunnel
  2.3. RFC792 Source Quench
    2.3.1. All types
      2.3.1.1. Red
      2.3.1.2. Black
      2.3.1.3. Tunnel
  2.4. Redirect
      2.4.1.2. Black
      2.4.1.3. Tunnel
    2.4.2. Redirect Datagram for the Type of Service and Host
      2.4.2.2. Black
      2.4.2.3. Tunnel
  2.5. Alternate Host Address
      2.5.1.1. Red
      2.5.1.2. Black
      2.5.1.3. Tunnel
  2.6. Echo Request
      2.6.1.1. Red
      2.6.1.2. Black
      2.6.1.3. Tunnel
  2.7. Time Exceeded
      2.7.1.1. Red
      2.7.1.2. Black
      2.7.1.3. Tunnel
  2.8. Parameter Problem
      2.8.1.1. Red
      2.8.1.2. Black
      2.8.1.3. Tunnel
  2.9. Timestamp
    2.9.1. All type codes
      2.9.1.2. Black
      2.9.1.3. Tunnel
  2.10. Timestamp Reply
    2.10.1. All type codes
      2.10.1.2. Black
      2.10.1.3. Tunnel
  2.11. Information Request
    2.11.1. All type codes
      2.11.1.2. Black
      2.11.1.3. Tunnel
  2.12. Information Reply
    2.12.1. All type codes
      2.12.1.2. Black
      2.12.1.3. Tunnel
  2.13. Address Mask Request
      2.13.1.1. Red
      2.13.1.2. Black
      2.13.1.3. Tunnel
  2.14. Traceroute
      2.14.1.1. Red
      2.14.1.2. Black
      2.14.1.3. Tunnel
  2.15. Datagram Conversion Error
      2.15.1.1. Red
      2.15.1.2. Black
      2.15.1.3. Tunnel
  2.16. Mobile Host Redirect
      2.16.1.1. Red
      2.16.1.2. Black
      2.16.1.3. Tunnel
  2.17. IPv6 Where-Are-You
      2.17.1.1. Red
      2.17.1.2. Black
      2.17.1.3. Tunnel
  2.18. IPv6 I-Am-Here
      2.18.1.1. Red
      2.18.1.2. Black
      2.18.1.3. Tunnel
  2.19. Mobile Registration Request
      2.19.1.1. Red
      2.19.1.2. Black
      2.19.1.3. Tunnel
  2.20. Mobile Registration Reply
      2.20.1.1. Red
      2.20.1.2. Black
      2.20.1.3. Tunnel
  2.21. Domain Name Request
      2.21.1.1. Red
      2.21.1.2. Black
      2.21.1.3. Tunnel
  2.22. Domain Name Reply
      2.22.1.1. Red
      2.22.1.2. Black
      2.22.1.3. Tunnel
  2.23. SKIP
      2.23.1.1. Red
      2.23.1.2. Black
      2.23.1.3. Tunnel
  2.24. Photoris
    2.24.1. All type codes
      2.24.1.1. Red
      2.24.1.2. Black
      2.24.1.3. Tunnel
3. Security Considerations:
4. References:
  4.1. Author's Address
  4.2. Expiration and File Name

1. Introduction to the problem

An introduction to the problem and the terminology for this document
are given in ICMPIPSEC.

This document describes what option should be implemented for each ICMP
message type.

2. ICMP Messages

2.1. Echo Reply

Type 0, defined in RFC-0792.

2.1.1. All types

2.1.1.1. Red

Discard.

2.1.1.2. Black

Forward using ICMP SA.

2.1.1.3. Tunnel

Forward if arrived via ICMP SA.

2.2. Destination Unreachable

Type 3, defined in RFC-0792.

2.2.1. Host Unreachable

Code 1.

2.2.1.1. Red

Discard. Heuristically, it may be useful to accelerate the timeout of
any key management, as these messages may be accurate.

2.2.1.2. Black

Send via ISAKMP Notify message. No communication is possible to this
node. This is done via ISAKMP so that the originating gateway G1 can
cache this connectivity information, and avoid expending effort setting
up futile SAs for hosts that are not responding. This cache must
time out.

2.2.1.3. Tunnel

Forward if it arrived via implicit ICMP.

2.2.2. Comm. w/Dest. Host is Administratively Prohibited

Code 10.

2.2.2.1. Red

Discard. Heuristically, it may be useful to accelerate the timeout of
any key management, as these messages may be accurate.

2.2.2.2. Black

Discard. It may be necessary to traverse additional firewalls/gateways.
If permitted by local policy, an attempt to set up a linked SA may be
made.

2.2.2.3. Tunnel

Forward if it arrived via implicit ICMP. It may be required that the end
host (E1) establish an end-to-end SA with E2.

2.2.3. Destination Host Unreachable for Type of Service

Code 12.

2.2.3.1. Red

Discard. Heuristically, it may be a sign that RSVP or another resource
reservation protocol should have been used to get an appropriate QoS. It
may also be a sign that an attempt to get/use a particular QoS was
inappropriate. It should be logged.

2.2.3.2. Black

Forward via implicit ICMP.

2.2.3.3. Tunnel

Forward if it arrived via implicit ICMP.

2.2.4. Communication Administratively Prohibited

Code 13. From RFC1812.

2.2.4.1. Red

Discard. ??

2.2.4.2. Black

Discard. ??

2.2.4.3. Tunnel

Discard. ??

2.2.5. Precedence cutoff in effect

Code 15. From RFC1812.

2.2.5.1. Red

Discard. ??

2.2.5.2. Black

Discard. ??

2.2.5.3. Tunnel

Discard. ??

2.3. RFC792 Source Quench

Type 4. From RFC792.

2.3.1. All types

2.3.1.1. Red

Discard. ??

2.3.1.2. Black

Discard. ??

2.3.1.3. Tunnel

Discard. ??

2.4. Redirect

Type 5. From RFC792.

2.4.1. Redirect Datagram for the Host

Code 1. RFC792.

2.4.1.1. Red

Discard. This may be an attempt to cause a denial of service attack.

2.4.1.2. Black

Discard. It may be reasonable to pay attention to this datagram locally.

2.4.1.3. Tunnel

Forward if it arrived via an implicit ICMP SA. Future load sharing
systems may attempt to have an end host switch its route to another
security gateway.

2.4.2. Redirect Datagram for the Type of Service and Host

Code 3. RFC792.

2.4.2.1. Red

Discard. This may be an attempt to cause a denial of service attack.

2.4.2.2. Black

Do not forward. It may be reasonable to pay attention to this datagram
locally.

2.4.2.3. Tunnel

Discard. This may be an attempt to cause a denial of service attack.

2.5. Alternate Host Address

Type 5.

2.5.1. All types

2.5.1.1. Red

Discard.

2.5.1.2. Black

Discard.

2.5.1.3. Tunnel

Discard.

2.6. Echo Request

Type 8.

2.6.1. All type codes

2.6.1.1. Red

Discard.

2.6.1.2. Black

Forward via explicit ICMP SA.

2.6.1.3. Tunnel

Forward if arrived via implicit ICMP SA.

2.7. Time Exceeded

Type 11.

2.7.1. All type codes

2.7.1.1. Red

Discard. Heuristically, this is a sign that one should perform
additional PMTU probes.

2.7.1.2. Black

Forward via implicit ICMP SA.

2.7.1.3. Tunnel

Forward if it arrived via implicit ICMP SA. It may be reasonable to
modify the maximum packet size to account for the SA's overhead if the
total is larger than the PMTU from G1 to G2.

2.8. Parameter Problem

Type 12. RFC792, RFC1108.

2.8.1. All type codes

2.8.1.1. Red

Discard.

2.8.1.2. Black

Forward via implicit ICMP.

2.8.1.3. Tunnel

Forward if it arrived via implicit ICMP.

2.9. Timestamp

2.9.1. All type codes

Type 13. RFC792.

2.9.1.1. Red

Discard. ??

2.9.1.2. Black

Discard. ??

2.9.1.3. Tunnel

Discard. ??

2.10. Timestamp Reply

2.10.1. All type codes

Type 14. RFC792.

2.10.1.1. Red

Discard. ??

2.10.1.2. Black

Discard. ??

2.10.1.3. Tunnel

Discard. ??

2.11. Information Request

2.11.1. All type codes

Type 15. RFC792.

2.11.1.1. Red

Discard. ??

2.11.1.2. Black

Discard. ??

2.11.1.3. Tunnel

Discard. ??

2.12. Information Reply

2.12.1. All type codes

Type 16. RFC792.

2.12.1.1. Red

Discard. ??

2.12.1.2. Black

Discard. ??

2.12.1.3. Tunnel

Discard. ??

2.13. Address Mask Request

Type 17. See RFC950.

2.13.1. All type codes

2.13.1.1. Red

Discard. ??

2.13.1.2. Black

Discard. ??

2.13.1.3. Tunnel

Discard. ??

2.14. Traceroute

Type 30. See RFC1393.

2.14.1. All type codes

2.14.1.1. Red

Discard. ??

2.14.1.2. Black

Discard. ??

2.14.1.3. Tunnel

Discard. ??

2.15. Datagram Conversion Error

Type 31. See RFC1475.

2.15.1. All type codes

2.15.1.1. Red

Discard. ??

2.15.1.2. Black

Discard. ??

2.15.1.3. Tunnel

Discard. ??

2.16. Mobile Host Redirect

Type 32. See Johnson.

2.16.1. All type codes

2.16.1.1. Red

Discard. ??

2.16.1.2. Black

Discard. ??

2.16.1.3. Tunnel

Discard. ??

2.17. IPv6 Where-Are-You

Type 33. Simpson.

2.17.1. All type codes

2.17.1.1. Red

Discard. ??

2.17.1.2. Black

Discard. ??

2.17.1.3. Tunnel

Discard. ??

2.18. IPv6 I-Am-Here

Type 34. Simpson.

2.18.1. All type codes

2.18.1.1. Red

Discard. ??

2.18.1.2. Black

Discard. ??

2.18.1.3. Tunnel

Discard. ??

2.19. Mobile Registration Request

Type 35. Simpson.

2.19.1. All type codes

2.19.1.1. Red

Discard. ??

2.19.1.2. Black

Discard. ??

2.19.1.3. Tunnel

Discard. ??

2.20. Mobile Registration Reply

Type 36. Simpson.

2.20.1. All type codes

2.20.1.1. Red

Discard. ??

2.20.1.2. Black

Discard. ??

2.20.1.3. Tunnel

Discard. ??

2.21. Domain Name Request

Type 37. Simpson.

2.21.1. All type codes

2.21.1.1. Red

Discard. ??

2.21.1.2. Black

Discard. ??

2.21.1.3. Tunnel

Discard. ??

2.22. Domain Name Reply

Type 38. Simpson.

2.22.1. All type codes

2.22.1.1. Red

Discard. ??

2.22.1.2. Black

Discard. ??

2.22.1.3. Tunnel

Discard. ??

2.23. SKIP

Type 39. See Markson.

2.23.1. All type codes

2.23.1.1. Red

Discard. ??

2.23.1.2. Black

Discard. ??

2.23.1.3. Tunnel

Discard. ??

2.24. Photoris

Type 40. See Simpson.

2.24.1. All type codes

2.24.1.1. Red

Discard. ??

2.24.1.2. Black

Discard. ??

2.24.1.3. Tunnel

Discard. ??

3. Security Considerations:

This entire document discusses a security protocol.

4. References:

RFC1825
     R. Atkinson, "Security Architecture for the Internet Protocol",
     RFC-1825, August 1995.

ICMPIPSEC
     M. Richardson, "Options for handling ICMP messages that must be
     forwarded", work in progress: draft-ietf-ipsec-icmp-options-00.txt,
     September 1998.

ICMPIPSECV4
     M. Richardson, "IPv4 ICMP messages and IPsec security gateways",
     work in progress: draft-ietf-ipsec-icmp-handle-v4.txt, September
     1998.

ICMPIPSECV6
     M. Richardson, "IPv6 ICMP messages and IPsec security gateways",
     work in progress: draft-ietf-ipsec-icmp-handle-v6-00.txt,
     September 1998.

ARCHSEC
     R. Atkinson, S. Kent, "Security Architecture for the Internet
     Protocol", work in progress: draft-ietf-ipsec-arch-sec-07.txt,
     July 1998.

RFC-1191
     J. Mogul, S. Deering, "Path MTU Discovery", RFC-1191, November
     1990.

KSM-AH
     New AH draft.

metrics
     I. M. ISP, "How fast can it go?", draft-ietf-metrics-00.txt, work
     in progress: Jan. 20, 1997.

Gupta97-1
     V. Gupta, S. Glass, "Firewall Traversal for Mobile IP: Goals and
     Requirements", draft-ietf-mobileip-ft-req-00.txt, work in
     progress: Jan. 20, 1997.

Gupta97-2
     V. Gupta, S. Glass, "Firewall Traversal for Mobile IP: Guidelines
     for Firewalls and Mobile IP entities",
     draft-ietf-mobileip-firewall-trav-00.txt, work in progress:
     March 17, 1997.

RFC1256
     S. Deering, "ICMP Router Discovery Messages", Sep-01-1991.

RFC1885
     A. Conta, S. Deering, "Internet Control Message Protocol (ICMPv6)
     for the Internet Protocol Version 6 (IPv6)", December 1995.

RFC791
     J. Postel, "Internet Protocol", Sep-01-1981.

RFC792
     J. Postel, "Internet Control Message Protocol", Sep-01-1981.

RFC950
     J.C. Mogul, J. Postel, "Internet Standard Subnetting Procedure",
     Aug-01-1985.

4.1. Author's Address

Michael C. Richardson
Solidum Systems Corporation
940 Belfast Road
Ottawa, ON K1G 4A2
Canada

Telephone: +1 613 244-4804
EMail: mcr@sandelman.ottawa.on.ca

4.2. Expiration and File Name

This draft expires February 1999.

Its file name is draft-ipsec-icmp-handle-v4-00.txt
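
The section 2 rules applied to a raw packet, as an added Python example that is not part of the draft: it parses an IPv4 ICMP message and returns the action for the Red, Black or Tunnel case. The names `Side`, `disposition` and `via_icmp_sa` are hypothetical, the single `via_icmp_sa` flag stands in for the draft's implicit and explicit ICMP SA arrival conditions, and discarding malformed, unlisted or non-SA tunnel traffic is an assumption of the example.

```python
import struct
from enum import Enum

class Side(Enum):        # the draft's three cases; the value indexes a rule tuple
    RED = 0
    BLACK = 1
    TUNNEL = 2

DISCARD = "discard"
FORWARD = "forward"                             # tunnel case, condition met
FWD_SA = "forward using ICMP SA"
FWD_IMPLICIT = "forward via implicit ICMP"
FWD_EXPLICIT = "forward via explicit ICMP SA"
NOTIFY = "send via ISAKMP Notify"
IF_SA = "forward if it arrived via an ICMP SA"  # resolved in disposition()

# (type, code or None for all codes) -> (Red, Black, Tunnel), from section 2.
RULES = {
    (0, None):  (DISCARD, FWD_SA, IF_SA),          # 2.1   Echo Reply
    (3, 1):     (DISCARD, NOTIFY, IF_SA),          # 2.2.1 Host Unreachable
    (3, 10):    (DISCARD, DISCARD, IF_SA),         # 2.2.2
    (3, 12):    (DISCARD, FWD_IMPLICIT, IF_SA),    # 2.2.3
    (5, 1):     (DISCARD, DISCARD, IF_SA),         # 2.4.1 Redirect for the Host
    (5, 3):     (DISCARD, DISCARD, DISCARD),       # 2.4.2
    (8, None):  (DISCARD, FWD_EXPLICIT, IF_SA),    # 2.6   Echo Request
    (11, None): (DISCARD, FWD_IMPLICIT, IF_SA),    # 2.7   Time Exceeded
    (12, None): (DISCARD, FWD_IMPLICIT, IF_SA),    # 2.8   Parameter Problem
}
# Every other message in section 2 is Discard in all three cases, which the
# default in disposition() also yields. Default-discard for messages the draft
# does not list, and for malformed input, is this example's assumption.

# Constructed sample: IPv4 header (192.0.2.1 -> 192.0.2.2, header checksum left
# zero and not verified here) carrying an 8-byte ICMP Echo Request.
SAMPLE_ECHO_REQUEST = bytes.fromhex(
    "4500001c0000000040010000c0000201c0000202" "0800f7ff00000000")

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones' complement checksum; 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(packet: bytes):
    """Return (type, code), or None unless packet is a whole, valid IPv4 ICMP message."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or packet[9] != 1 or frag & 0x3FFF:   # not ICMP, or a fragment
        return None
    if not ihl + 8 <= total_len <= len(packet):       # truncated
        return None
    icmp = packet[ihl:total_len]
    return (icmp[0], icmp[1]) if inet_checksum(icmp) == 0 else None

def disposition(packet: bytes, side: Side, via_icmp_sa: bool = False) -> str:
    """Action for an ICMP packet seen in the given case (Red, Black or Tunnel)."""
    parsed = parse_icmp(packet)
    if parsed is None:
        return DISCARD
    rule = RULES.get(parsed) or RULES.get((parsed[0], None))
    if rule is None:
        return DISCARD
    action = rule[side.value]
    if action == IF_SA:
        return FORWARD if via_icmp_sa else DISCARD
    return action
```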