Subject: Re: Default value of net.inet.ipsec.dfbit breaks PMTU over IPsec tunnels
To: None <tech-net@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-net
Date: 05/28/2004 13:21:14
On Fri, May 28, 2004 at 12:43:43PM -0400, Michael Hertrick wrote:
> Jason Thorpe wrote:
> 
> >
> >On May 28, 2004, at 7:08 AM, Michael Hertrick wrote:
> >
> >>In the interest of security, specifically the risk of DoS (both 
> >>intentional and not), I'd like to see the DF bit set by default.
> >
> >
> >Set?  Or copied from the original packet?
> >
> >I think it should be copied from the original.
> 
> 
> You're probably right for the sake of compatibility with non-PMTUD 
> hosts, but if it is copied from the original then one is leaving the 
> decision up to the untrustworthy end-user/system.

What?  What are you talking about?  Do you understand how path MTU
discovery works?  Whether to set or not set the DF bit is explicitly
a decision for the end node to make, *not* some intermediate router.
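Added illustration, not part of the thread above and not NetBSD code: a small Python model of what the three net.inet.ipsec.dfbit policies do to the outer header of a tunnel-mode packet, and how a smaller-MTU hop on the tunnel path reacts. The value mapping (0 = clear DF, 1 = set DF, 2 = copy DF from the inner packet) is assumed from the KAME convention, and the ESP overhead figure is a constructed round number, not a measurement. It shows the trade-off the two posters are arguing about: with DF cleared or copied from a non-PMTUD host, the oversized outer packet gets fragmented at the narrow hop and reassembled by the far gateway (the cost Michael worries about); with DF set, the narrow hop returns ICMP "fragmentation needed" to the encapsulating gateway instead.

```python
"""Toy model of outer-DF handling for an IPsec tunnel endpoint.

Constructed example: the sysctl value mapping below is assumed (KAME
convention), and the router behaviour is the textbook RFC 1191 rule.
"""
from dataclasses import dataclass

# Assumed meaning of net.inet.ipsec.dfbit values (not verified against source):
DF_CLEAR, DF_SET, DF_COPY = 0, 1, 2

# Constructed overhead for one tunnel-mode ESP encapsulation:
# outer IPv4 header + ESP header + IV/padding/trailer + ICV.
ESP_OVERHEAD = 20 + 8 + 16 + 12  # 56 bytes


@dataclass(frozen=True)
class Packet:
    length: int   # total length in bytes
    df: bool      # IP "don't fragment" flag


def encapsulate(inner: Packet, dfbit_policy: int) -> Packet:
    """Build the outer tunnel-mode packet; the policy decides the outer DF."""
    if dfbit_policy == DF_CLEAR:
        outer_df = False
    elif dfbit_policy == DF_SET:
        outer_df = True
    elif dfbit_policy == DF_COPY:
        outer_df = inner.df          # the end node's choice is preserved
    else:
        raise ValueError(f"unknown dfbit policy {dfbit_policy}")
    return Packet(length=inner.length + ESP_OVERHEAD, df=outer_df)


def router_forward(pkt: Packet, link_mtu: int) -> str:
    """What a hop with the given link MTU does with the outer packet.

    Returns 'forwarded', 'fragmented' (router splits it, far gateway must
    reassemble) or 'icmp_needfrag' (router drops it and tells the sender).
    """
    if pkt.length <= link_mtu:
        return "forwarded"
    return "icmp_needfrag" if pkt.df else "fragmented"


def outcome(inner: Packet, dfbit_policy: int, link_mtu: int) -> str:
    """End-to-end result for one inner packet under one policy."""
    return router_forward(encapsulate(inner, dfbit_policy), link_mtu)


def compare_policies(inner: Packet, link_mtu: int) -> dict:
    """Outcome for each policy, so the three choices can be compared side by side."""
    return {name: outcome(inner, pol, link_mtu)
            for name, pol in (("clear", DF_CLEAR), ("set", DF_SET), ("copy", DF_COPY))}


if __name__ == "__main__":
    # A full-size Ethernet frame from a host that does not do PMTUD (DF off)
    # crossing a tunnel whose path is also limited to 1500-byte links.
    print(compare_policies(Packet(1500, df=False), link_mtu=1500))
    # The same, but the inner host runs PMTUD (DF on): only "copy" differs.
    print(compare_policies(Packet(1500, df=True), link_mtu=1500))
```

Running it shows that "copy" is the only policy whose result depends on the inner host, which is exactly the property Jason favours for compatibility and Michael dislikes for trust reasons: a sender that never sets DF will always have its traffic fragmented on the tunnel path, and the far gateway pays for reassembly.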