Re: [6lo] draft-ietf-6lo-minimal-fragment-00: When to remove VRB entries?
Yasuyuki Tanaka <yasuyuki.tanaka@inria.fr> Mon, 24 June 2019 09:51 UTC
Return-Path: <yasuyuki.tanaka@inria.fr>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B14C12013A for <6lo@ietfa.amsl.com>; Mon, 24 Jun 2019 02:51:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tmh5TFlPDW5r for <6lo@ietfa.amsl.com>; Mon, 24 Jun 2019 02:51:48 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A16212004C for <6lo@ietf.org>; Mon, 24 Jun 2019 02:51:47 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.63,411,1557180000"; d="scan'208";a="311201053"
Received: from wifi-pro-82-014.paris.inria.fr ([128.93.82.14]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Jun 2019 11:51:45 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Yasuyuki Tanaka <yasuyuki.tanaka@inria.fr>
In-Reply-To: <MN2PR11MB35651AF9ADEAD3BD5AAD3979D8E70@MN2PR11MB3565.namprd11.prod.outlook.com>
Date: Mon, 24 Jun 2019 11:51:45 +0200
Cc: Yasuyuki Tanaka <yasuyuki.tanaka@inria.fr>, Carsten Bormann <cabo@tzi.org>, "6lo@ietf.org" <6lo@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8AFDA5BD-C756-492C-AAFC-DD792A7B18A3@inria.fr>
References: <CALHmdRwqF972Y4DG8x9QW_fg+AkwnQtzUVSgyE77FBYYO0SLpQ@mail.gmail.com> <cc58e1c1-9084-e1dd-91ab-db485a242767@inria.fr> <A448295E-D3AF-45CD-A14A-48FA82A8ABF2@tzi.org> <499847d6-337a-4484-972f-18647f8c75be@inria.fr> <4F69EDC9-AAAC-4BCD-8493-52BA0D129130@tzi.org> <MN2PR11MB35651AF9ADEAD3BD5AAD3979D8E70@MN2PR11MB3565.namprd11.prod.outlook.com>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/nwZ4XlFo_j1paleJSf37GsYwCjA>
Subject: Re: [6lo] draft-ietf-6lo-minimal-fragment-00: When to remove VRB entries?
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2019 09:51:50 -0000
Hello Pascal, Yes, it does. Thank you! Best, Yatch > On Jun 21, 2019, at 18:00, Pascal Thubert (pthubert) <pthubert@cisco.com> wrote: > > Hello Yatch; > > In the security section is changed the text to: > > " > > An attacker can perform a Denial-of-Service (DoS) attack on a node implementing VRB by generating a large number of bogus "fragment 1" fragments without sending subsequent fragments. > This causes the VRB table to fill up. Note that the VRB does not need to remember the full datagram as received so far but only possibly a few octets from the last fragment that could not fit in it. > It is expected that an implementation protects itself to keep the number of VRBs within capacity, and that old VRBs are protected by a timer of a reasonable duration for the technology and destroyed upon timeout. > " > > Works? > > Pascal > >> -----Original Message----- >> From: 6lo <6lo-bounces@ietf.org> On Behalf Of Carsten Bormann >> Sent: jeudi 7 février 2019 12:42 >> To: Yasuyuki Tanaka <yasuyuki.tanaka@inria.fr> >> Cc: 6lo@ietf.org >> Subject: Re: [6lo] draft-ietf-6lo-minimal-fragment-00: When to remove VRB >> entries? >> >> On Feb 7, 2019, at 12:36, Yasuyuki Tanaka <yasuyuki.tanaka@inria.fr> wrote: >>> >>> Since datagram_tag is expected to be incremented (by one) as RFC4944 >> specifies, holding the last datagram_tag per peer may be enough, although this >> kind of thing could be "implementation-specific": >> >> Right. We don’t want to blackhole datagrams after a reboot, and we want to >> allow the sending implementation to forget their neighbor state (which might >> include that counter, if it is not global) after a while. So I think some form of >> timeout may be needed. >> >> Grüße, Carsten >> >> _______________________________________________ >> 6lo mailing list >> 6lo@ietf.org >> https://www.ietf.org/mailman/listinfo/6lo
- [6lo] draft-ietf-6lo-minimal-fragment-00: When to… Martine Lenders
- Re: [6lo] draft-ietf-6lo-minimal-fragment-00: Whe… Pascal Thubert (pthubert)
- Re: [6lo] draft-ietf-6lo-minimal-fragment-00: Whe… Martine Lenders
- Re: [6lo] draft-ietf-6lo-minimal-fragment-00: Whe… Pascal Thubert (pthubert)
- Re: [6lo] draft-ietf-6lo-minimal-fragment-00: Whe… Yasuyuki Tanaka
- Re: [6lo] draft-ietf-6lo-minimal-fragment-00: Whe… Carsten Bormann
- Re: [6lo] draft-ietf-6lo-minimal-fragment-00: Whe… Carsten Bormann
- Re: [6lo] draft-ietf-6lo-minimal-fragment-00: Whe… Yasuyuki Tanaka
- Re: [6lo] draft-ietf-6lo-minimal-fragment-00: Whe… Carsten Bormann
- Re: [6lo] draft-ietf-6lo-minimal-fragment-00: Whe… Pascal Thubert (pthubert)
- Re: [6lo] draft-ietf-6lo-minimal-fragment-00: Whe… Yasuyuki Tanaka