Re: [homenet] Please review security considerations of draft-homenet-babel-profile
Gert Doering <gert@space.net> Thu, 27 July 2017 13:40 UTC
Date: Thu, 27 Jul 2017 15:40:51 +0200
From: Gert Doering <gert@space.net>
To: Philip Homburg <pch-homenet-3@u-1.phicoh.com>
Cc: homenet@ietf.org, Juliusz Chroboczek <jch@irif.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/fPejco91AfacvQ7fc-UxXKvZIMM>

Hi,

On Thu, Jul 27, 2017 at 03:38:15PM +0200, Philip Homburg wrote:
> The TTL hack is used in ND.

Because ND uses GUAs (which it should have never done in the first place).

> It strikes me as really bad for security to come
> up with a different mechanism to achieve the same result for no other reason
> than that you for some reason didn't like that trick.

Relying on "it must be a link local src and link local dst" sounds much
more sane than "we permit arbitrary packets to reach us from the outside
and then worry about criteria to ignore them afterwards".

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279
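
The two acceptance rules compared in this message, applied to constructed IPv6 headers, as an added example that is not part of the original post. The function names, the sample addresses and the use of ff02::1:6 as a link-scope multicast destination are assumptions made for illustration.

```python
import ipaddress
import struct

def build_header(src, dst, hop_limit):
    """Constructed sample input: a bare 40-byte IPv6 header (next header = UDP)."""
    word0 = 6 << 28  # version 6, traffic class 0, flow label 0
    return (struct.pack("!IHBB", word0, 0, 17, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def parse_header(raw):
    """Return (src, dst, hop_limit) from a raw IPv6 header, or raise ValueError."""
    if len(raw) < 40:
        raise ValueError("truncated IPv6 header")
    word0, _plen, _nh, hop_limit = struct.unpack("!IHBB", raw[:8])
    if word0 >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    return ipaddress.IPv6Address(raw[8:24]), ipaddress.IPv6Address(raw[24:40]), hop_limit

def hop_limit_rule(raw):
    """The 'TTL hack': accept only if the hop limit is still 255 on arrival."""
    return parse_header(raw)[2] == 255

def link_local_rule(raw):
    """Accept only link-local source and link-local (or link-scope multicast) destination."""
    src, dst, _ = parse_header(raw)
    dst_link_mcast = dst.packed[0] == 0xFF and (dst.packed[1] & 0x0F) == 0x2
    return src.is_link_local and (dst.is_link_local or dst_link_mcast)

# Constructed packets; all addresses are sample values chosen for this example.
SAMPLES = {
    "link-local, hop 255": build_header("fe80::1", "ff02::1:6", 255),
    "link-local, hop 1": build_header("fe80::1", "ff02::1:6", 1),
    "global, hop 255": build_header("2001:db8::1", "2001:db8:1::2", 255),
    "global, hop 57": build_header("2001:db8::1", "2001:db8:1::2", 57),
}

def compare():
    """Map each sample name to (hop_limit_rule result, link_local_rule result)."""
    return {name: (hop_limit_rule(raw), link_local_rule(raw)) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (hop_ok, ll_ok) in compare().items():
        print(f"{name:22} hop-limit rule: {hop_ok!s:5}  link-local rule: {ll_ok}")
```
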