Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
Joe Touch <touch@strayalpha.com> Wed, 05 December 2018 13:12 UTC
Cc: David Farmer <farmer@umn.edu>, IETF-Discussion Discussion <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org, opsec@ietf.org, tsv-art@ietf.org
To: Nick Hilliard <nick@foobar.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/_16VsBK8VSKjZF_Vk3OStzSPI2A>

The choices below don’t include declaring this a security risk and turning it off.

If you want to change the standard, do so. But this isn’t a step in that direction. And the previous attempts only show why IPv6 has adoption problems.

The standard can still be changed, but regardless, this simply is not a security issue and shouldn’t be sold as one.

Joe

> On Dec 5, 2018, at 4:48 AM, Nick Hilliard <nick@foobar.org> wrote:
>
> Joe Touch wrote on 05/12/2018 12:13:
>> Then THAT is the security issue.. Not the packets that cause a broken implementation to have problems.
>
> In this specific case:
>
> 1. the protocol definition states that HBH packets should be processed per intermediate node.
>
> 2. even small routers can now handle terabits of data plane throughput.
>
> What do we do?
>
> 1. declare that these routers should be able to process terabits of HBH packets (or experimental EHs because we don't know whether experimental EHs are required to be processed HBH or by end points only).
>
> 2. formally drop the requirement for intermediate routers to process HBH headers
>
> 3. build routers which will take some HBH headers at low packet rates and drop the rest (+ update rfcs to make this formally compliant).
>
> 4. something else.
>
> Nick