Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Brian E Carpenter <brc@zurich.ibm.com> Thu, 26 April 2007 10:16 UTC


On 2007-04-26 02:39, Bob Hinden wrote:
> [trimming this to just the IPv6 w.g.]
> 
> We think the question for the IPv6 working group on this topic is does 
> the working group want to do anything to address the issues raised about 
> the Type 0 routing header.  Possible actions include:
> 
>  1) Deprecate all usage of RH0
>  2) Recommend that RH0 support be off by default in hosts and routers
>  3) Recommend that RH0 support be off by default in hosts
>  4) Limit its usage to one RH0 per IPv6 packet and limit the number of 
> addresses in one RH0.

Excuse my ignorance, but have the following three rules ever been
considered?

1. The list of addresses in an RH0 MUST NOT include the packet's source address.
2. The same address MUST NOT occur more than once in an RH0.
3. A node processing an RH0 MUST discard any packet breaking these two rules.

I'd be interested in whether this would eliminate the various attacks.

(I'm not really advocating this, since it is added complexity for
a feature that we don't obviously need anyway. But if we don't deprecate
it, all the other options seem to leave the threats in place.)

      Brian
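
The three rules proposed in the message above, written out as a receive-side check. This is an added example, not code from the original message or from any IPv6 implementation; it assumes the RFC 2460 Type 0 routing header layout, compares only the addresses inside the header (not the packet's destination address), and the names check_rh0 and build_rh0 and all sample addresses are constructed for illustration.

```python
import ipaddress
import struct

ADDR_LEN = 16  # octets per IPv6 address


def check_rh0(src, rh):
    """Apply the message's three rules to one raw routing header.

    src: packet source address (string); rh: header bytes in the RFC 2460
    layout. Returns (accept, reason); accept False means discard (rule 3).
    """
    if len(rh) < 8:
        return False, "truncated header"
    _next_hdr, ext_len, rtype, segs_left = struct.unpack_from("!BBBB", rh)
    if rtype != 0:
        return True, "not RH0"
    # Hdr Ext Len counts 8-octet units after the first 8 octets, so a
    # well-formed RH0 carries two units per listed address.
    if ext_len % 2 or len(rh) < 8 + ext_len * 8:
        return False, "malformed length"
    count = ext_len // 2
    if segs_left > count:
        return False, "segments left exceeds address count"
    addrs = [ipaddress.IPv6Address(rh[8 + i * ADDR_LEN:8 + (i + 1) * ADDR_LEN])
             for i in range(count)]
    if ipaddress.IPv6Address(src) in addrs:
        return False, "rule 1: source address in list"
    if len(set(addrs)) != len(addrs):
        return False, "rule 2: repeated address"
    return True, "ok"


def build_rh0(addrs, next_hdr=59):
    """Encode a constructed RH0 (hypothetical helper for the samples)."""
    body = b"".join(ipaddress.IPv6Address(a).packed for a in addrs)
    return struct.pack("!BBBB4x", next_hdr, 2 * len(addrs), 0, len(addrs)) + body


# Constructed samples using documentation-prefix addresses.
SRC = "2001:db8::1"
CLEAN = build_rh0(["2001:db8:a::1", "2001:db8:b::1"])
WITH_SRC = build_rh0(["2001:db8:a::1", "2001:db8::1"])
REPEATED = build_rh0(["2001:db8:a::1", "2001:db8:b::1", "2001:db8:a::1"])

if __name__ == "__main__":
    for name, rh in (("clean", CLEAN), ("with-src", WITH_SRC), ("repeated", REPEATED)):
        print(name, check_rh0(SRC, rh))
```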
