Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

David Farmer <farmer@umn.edu> Wed, 05 December 2018 07:00 UTC

From: David Farmer <farmer@umn.edu>
Date: Wed, 05 Dec 2018 01:00:30 -0600
Message-ID: <CAN-Dau0go6_Puf0A9e7KBpk0ApJBUvcxYtezxnwNc-8pKJ3PwQ@mail.gmail.com>
Subject: Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
To: Mark Andrews <marka@isc.org>
Cc: morrowc.lists@gmail.com, tsv-art@ietf.org, opsec@ietf.org, IETF-Discussion Discussion <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/oSluW3ubsuUzqdjkmpmpFo22g60>

On Wed, Dec 5, 2018 at 12:15 AM Mark Andrews <marka@isc.org> wrote:

>
> And the correct thing to do is to FIX THE BROKEN PRODUCT.
>
> If a ssh implementation is broken we don’t drop SSH packets.  We fix the
> broken implementation of ssh.
>
> If there is a SQL injection problem we fix that problem rather than
> dropping HTTP and HTTPS packets.
>
> If a router can’t handle all legal packets at line rate the router needs
> to be fixed.
>
> Punting stuff to be processed by the same CPU that processes the routing
> table worked for a while.  There is no rule that says routers can’t have
> multiple CPUs, some of which are dedicated to handling the control plane
> and others that deal with everything else that has been punted.  Design the
> router so that the control plane doesn’t get overloaded and the exceptional
> packets get handled.
>
> Generating PTB’s shouldn’t be seen as exceptional.  Fragmented packets
> shouldn’t be seen as exceptional.
>

Even if I agree that is the way routers SHOULD be designed today, I'm not
aware of any that are designed that way.

Further, even if all new routers shipped from today on were designed that
way, which they are not, it would easily take a decade or more for all the
old legacy routers to fade away on the Internet. Those are facts we have to
work with.

-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================