[IPv6]Re: Adoption call for draft-bonica-6man-deprecate-router-alert

Sebastian Moeller <moeller0@gmx.de> Tue, 11 June 2024 14:28 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: 6man <ipv6@ietf.org>
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/1dtbheExtKgkeLMmWY0y6iGyDgg>

Mmmh,

but isn't the real problem here using in-band signalling? As long as the control plane leverages the forwarding plane for control traffic that will need to be specifically selected/curated... and hence can be targeted by attackers independent of how this control traffic is recognised. This however is also an argument against the router alert flag, if you cannot trust it and need to do other checking already, that other checking might be sufficient in itself... But maybe all I am showing is my lack of understanding..


Regards
	Sebastian


> On 11. Jun 2024, at 14:55, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> I have read the document and I support adoption, because I think the topic is
> worth discussing.
> 
> Given that it does *not* obsolete the option, simplifying the hardware and
> eliminating the security threat, all the document really does is prevent the
> option from being used in new protocols.
> 
> So while I share Ole's concerns, I think the document is worth adopting
> so that we can have the right discussion.
> 
> (When writing an adoption call, I suggest setting the Reply-To: to the list)
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-                      *I*LIKE*TRAINS*