RE: IPv6 Type 0 Routing Header issues
"Tony Hain" <alh-ietf@tndh.net> Thu, 26 April 2007 22:45 UTC
Return-path: <ipv6-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HhCi4-0000L4-RH; Thu, 26 Apr 2007 18:45:08 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HhCi3-0000Ka-Lk for ipv6@ietf.org; Thu, 26 Apr 2007 18:45:07 -0400
Received: from static-66-15-163-216.bdsl.verizon.net ([66.15.163.216] helo=tndh.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HhCi1-0008A4-6R for ipv6@ietf.org; Thu, 26 Apr 2007 18:45:07 -0400
Received: from eagle (127.0.0.1:2552) by tndh.net with [XMail 1.17 (Win32/Ix86) ESMTP Server] id <S2F09B7> for <ipv6@ietf.org> from <alh-ietf@tndh.net>; Thu, 26 Apr 2007 15:44:59 -0700
From: Tony Hain <alh-ietf@tndh.net>
To: 'Ed Jankiewicz' <edward.jankiewicz@sri.com>, v6ops@ops.ietf.org
References: <462D4706.4000504@spaghetti.zurich.ibm.com> <462E7AB4.3050807@piuha.net> <m2mz0xp6je.wl%gnn@neville-neil.com> <20070425093402.A30586@mignon.ki.iif.hu> <20070425141336.E95D522875@thrintun.hactrn.net> <462F7005.50700@sri.com>
In-Reply-To: <462F7005.50700@sri.com>
Date: Thu, 26 Apr 2007 15:44:50 -0700
Message-ID: <017401c78854$805ac050$811040f0$@net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AceHTKgMBHU9OvoyTfyxYpjQatrdWgBBwUTw
Content-Language: en-us
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955
Cc: 'Rob Austein' <sra@isc.org>, nav6tf@ipv6forum.com, ipv6@ietf.org, ipv6-ops@lists.cluenet.de
Subject: RE: IPv6 Type 0 Routing Header issues
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: alh-ietf@tndh.net
List-Id: "IP Version 6 Working Group \(ipv6\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Errors-To: ipv6-bounces@ietf.org
Before you kill this off too quickly, James Woodyatt's proxy redirection is a perfect example of a use for Type 0 Routing Headers. He wants the firewall to redirect traffic through a designated point (what this header was designed to do), and the only hammer at his immediate disposal was IPv6/IPv6 nat. It is certainly reasonable to have a BCP that says 'these should be filtered at policy boundaries unless there is a good reason to do otherwise', but they are a tool to solve some very specific corner cases. Tony > -----Original Message----- > From: owner-v6ops@ops.ietf.org [mailto:owner-v6ops@ops.ietf.org] On > Behalf Of Ed Jankiewicz > Sent: Wednesday, April 25, 2007 8:13 AM > To: v6ops@ops.ietf.org > Cc: Rob Austein; ipv6@ietf.org; ipv6-ops@lists.cluenet.de; > nav6tf@ipv6forum.com > Subject: Re: IPv6 Type 0 Routing Header issues > > I am facing a similar dilemma. Currently editing version 2.0 draft of > the US DoD "DISR Product Profiles for IPv6" and considering adding a > THOU SHALT NOT or at least "it would be a great idea if you didn't" > forward based on RH0 due to this vulnerability. At the very least I > will note this risk, suggesting that vendors SHOULD provide a means of > disabling RH0, and also consider disabling by default. > > Especially interested in strong opinions from vendors about difficulty > in complying if that were the case. Cross posting to NAv6TF as well, > but please reply directly to ed.jankiewicz@sri.com and avoid cluttering > up the lists with specific objections and suggestions. I will summarize > back to the lists. > > Thanks > Ed J. > > Rob Austein wrote: > > At Wed, 25 Apr 2007 09:41:09 +0200 (CEST), Mohacsi Janos wrote: > > > >> The current patch provided by OpenBSD/FreeBSD makes *BSD IPv6 > >> implemenation non-conformant to standard. > >> > > > > Sometimes violating the standard is the only reasonable thing for an > > implementor to do. The (IPv4) stack I worked on back in the '90s > > shipped with forwarding of directed broadcast disabled by default, > > long before anybody had heard of a "smurf attack". The stack had a > > compile-time option to enable forwarding of directed broadcast; from > > memory, the documentation for that option went something like this: > > > > "This option exists solely to allow this software to comply with RFC > > 1812. Directed broadcast is dangerous, no matter what RFC 1812 > > says. Never enable this option under any circumstances." > > > > Eventually the IETF gathered the collective will to update the > > standard, but as implementors we would have been derelict in our duty > > to our customers had we waited for the IETF. > > > > > > -- > Ed Jankiewicz - SRI International > Fort Monmouth Branch Office - IPv6 Research > Supporting DISA Standards Engineering Branch > 732-389-1003 or ed.jankiewicz@sri.com > -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- IPv6 Type 0 Routing Header issues Jeroen Massar
- Re: IPv6 Type 0 Routing Header issues Jari Arkko
- Re: IPv6 Type 0 Routing Header issues George V. Neville-Neil
- Re: IPv6 Type 0 Routing Header issues Mohacsi Janos
- Re: IPv6 Type 0 Routing Header issues David Malone
- Re: IPv6 Type 0 Routing Header issues Remi Denis-Courmont
- Re: IPv6 Type 0 Routing Header issues Jun-ichiro itojun Hagino
- Re: IPv6 Type 0 Routing Header issues Paul Vixie
- Re: IPv6 Type 0 Routing Header issues Jun-ichiro itojun Hagino
- Re: IPv6 Type 0 Routing Header issues Rob Austein
- Re: IPv6 Type 0 Routing Header issues Tim Enos
- Question for IPv6 w.g. on [Re: IPv6 Type 0 Routin… Bob Hinden
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jun-ichiro itojun Hagino 2.0
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Perry Lorier
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Brian E Carpenter
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… David Malone
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… David Malone
- Re: IPv6 Type 0 Routing Header issues Ed Jankiewicz
- Re: IPv6 Type 0 Routing Header issues Gert Doering
- Re: IPv6 Type 0 Routing Header issues Gert Doering
- RE: IPv6 Type 0 Routing Header issues Manfredi, Albert E
- RE: IPv6 Type 0 Routing Header issues Tony Hain
- RE: IPv6 Type 0 Routing Header issues Tony Hain
- RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Tony Hain
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… james woodyatt
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… james woodyatt
- Re: IPv6 Type 0 Routing Header issues George V. Neville-Neil
- Re: IPv6 Type 0 Routing Header issues Alun Evans
- Re: IPv6 Type 0 Routing Header issues Jeroen Massar
- Re: IPv6 Type 0 Routing Header issues David Malone
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jun-ichiro itojun Hagino 2.0
- Re: IPv6 Type 0 Routing Header issues Ebalard, Arnaud
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Ignatios Souvatzis
- itojun2.0 (RE: IPv6 Type 0 Routing Header issues) Jun-ichiro itojun Hagino 2.0
- Re: itojun2.0 (RE: IPv6 Type 0 Routing Header iss… Jun-ichiro itojun Hagino 2.0
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jari Arkko
- RE: IPv6 Type 0 Routing Header issues Manfredi, Albert E
- RE: IPv6 Type 0 Routing Header issues Tony Hain
- RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Dave Thaler
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Tim Hartrick
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jun-ichiro itojun Hagino 2.0
- RE: IPv6 Type 0 Routing Header issues Jun-ichiro itojun Hagino 2.0
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jun-ichiro itojun Hagino 2.0
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Theo de Raadt
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Bob Hinden
- RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Pekka Savola
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Brian E Carpenter
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Pars Mutaf
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Theo de Raadt
- RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Dave Thaler
- RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jun-ichiro itojun Hagino 2.0
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Eric Klein
- Re: IPv6 Type 0 Routing Header issues james woodyatt
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Brian E Carpenter
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Roger Jorgensen
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jeroen Massar
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Paul Vixie
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Eric Klein
- Re: IPv6 Type 0 Routing Header issues George V. Neville-Neil
- Re: IPv6 Type 0 Routing Header issues Ebalard, Arnaud
- Re: IPv6 Type 0 Routing Header issues gnn
- Re: IPv6 Type 0 Routing Header issues Mini
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Jeroen Massar
- Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Ro… Eric Klein
- Re: Question for IPv6 w.g. on Kenjiro Cho
- Re: itojun2.0 (RE: IPv6 Type 0 Routing Header iss… Jun-ichiro itojun Hagino 2.0
- Re: itojun2.0 (RE: IPv6 Type 0 Routing Header iss… Jun-ichiro itojun Hagino 2.0
- Re: IPv6 Type 0 Routing Header issues David Malone
- Re: IPv6 Type 0 Routing Header issues Jun-ichiro itojun Hagino 2.0