Security review of draft-shore-icmp-aup-06
An Acceptable Use Policy for New ICMP Types and Codes

Do not be alarmed. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The document discusses the current uses of ICMP and how it may or may not fit into management or control planes, depending on your view of what those are. The recommendation is to limit uses to reporting downstream forwarding anomalies, discovering on-link routers and hosts and network parameters. "ICMP should not be used as a routing or network management protocol."

While there are ostensibly no new security considerations, it is worthwhile noting that ICMP plays a part in the Photuris protocol and was also used in SKIP (though that usage is deprecated). In general, I have some concern about using ICMP to discover network security parameters or to report on network security anomalies in the forwarding plane. I would recommend adding something to the security considerations about avoiding such usage or using special caution if defining new protocols.

Hilarie