IETF Logo Mail Archive

Re: Questions regarding the security mechanisms//RE: CRH and RH0

Ole Troan <otroan@employees.org> Fri, 22 May 2020 18:01 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75C913A0CD5 for <ipv6@ietfa.amsl.com>; Fri, 22 May 2020 11:01:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ngz98TqQ2VOs for <ipv6@ietfa.amsl.com>; Fri, 22 May 2020 11:01:26 -0700 (PDT)
Received: from clarinet.employees.org (clarinet.employees.org [198.137.202.74]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F40243A0AA1 for <6man@ietf.org>; Fri, 22 May 2020 11:01:25 -0700 (PDT)
Received: from [192.168.10.14] (dhcp217197164244.blix.com [217.197.164.244]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 02A9D4E11D3F; Fri, 22 May 2020 18:01:23 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Ole Troan <otroan@employees.org>
Mime-Version: 1.0 (1.0)
Subject: Re: Questions regarding the security mechanisms//RE: CRH and RH0
Date: Fri, 22 May 2020 20:01:20 +0200
Message-Id: <F5851937-5761-4DA4-852D-3396804D1B8C@employees.org>
References: <DM6PR05MB6348728EB5A04793CD6B405BAEB40@DM6PR05MB6348.namprd05.prod.outlook.com>
Cc: "Xiejingrong (Jingrong)" <xiejingrong@huawei.com>, "Joel M. Halpern" <jmh@joelhalpern.com>, Tom Herbert <tom@herbertland.com>, 6man <6man@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
In-Reply-To: <DM6PR05MB6348728EB5A04793CD6B405BAEB40@DM6PR05MB6348.namprd05.prod.outlook.com>
To: Ron Bonica <rbonica@juniper.net>
X-Mailer: iPhone Mail (17F5065a)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/2I9yeA5M3NMcT6NSvdADlfDaBCc>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 May 2020 18:01:28 -0000

Ron,

> On 22 May 2020, at 19:57, Ron Bonica <rbonica@juniper.net> wrote:
> 
> 
> These issues are generic to all routing headers. In the CRH draft, I will try to craft a security considerations section that is generic. One day, if somebody gets ambitious, they can factor that out into a separate document that applies to all Routing headers.

Absolutely. That’s why we don’t have any generic source routing in IP. 
Just wanted that point to be clear, since 
I think you at some point made the claim that crh resolved the attack in 5095. 

Cheers,
Ole

v2.23.0 | Report a Bug | By Email