On Sep 23, 2014, at 2:34 PM, Roland Dobbins <rdobb...@arbor.net> wrote:
> > On Sep 24, 2014, at 12:16 AM, Florian Weimer <f...@deneb.enyo.de> wrote: > >> Fragmentation in IPv4 is inherently insecure. > > Conceptually, yes, it's a Very Bad Idea. But given the realities of the > TCP/IP we have, it's important that network operators understand that they > can't filter out non-initial fragments, or they'll break the Internet for > their customers. > But what about the customers that use recursive nameservers, does it make sense for them to block fragments at the edge and even on the other side of the link at the edge?
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
