- An ICMP message by itself is not secure. For example, it's trivial for an off-path attacker to generate ICMP messages for sessions from legitimate UEs to <popularwebsite>:443. Getting a UE to trust such a message only requires getting the ephemeral port right, and many OSes have a quite limited range of ephemeral ports.Is there any data that shows ICMP (and its insecurity) being used for off-path attacks like this today? Networks (as they do today) may just filter out ICMP they don't support from the edge.
3. The notification should not be on a per-destination basis. A hint that conveys the information "you can reach facebook, but to reach CNN you need to upgrade to another service plan" is not technically infeasible but is unlikely ever to reach WG and IETF consensus and therefore I think we should not spend our time talking about it.Can't a network have this policy irrespective of how we implement ICMP? Can't they even today just use existing ICMP messages? I cringe when we start dictating how PUBLIC ACCESS networks manage their walled garden and businesses.