RE: draft-bonica-6man-frag-deprecate

"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 28 June 2013 00:09 UTC

From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Karl Auer <kauer@biplane.com.au>, "ipv6@ietf.org" <ipv6@ietf.org>
Subject: RE: draft-bonica-6man-frag-deprecate
Date: Fri, 28 Jun 2013 00:09:07 +0000
Message-ID: <2134F8430051B64F815C691A62D983180AF228@XCH-BLV-504.nw.nos.boeing.com>
In-Reply-To: <1372377611.3215.141.camel@karl>

> -----Original Message-----
> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of
> Karl Auer
> Sent: Thursday, June 27, 2013 5:00 PM
> To: ipv6@ietf.org
> Subject: Re: draft-bonica-6man-frag-deprecate
> 
> On Fri, 2013-06-28 at 09:31 +1000, Mark Andrews wrote:
> > Then add a cryptographic checksum of the original packet when
> > fragmenting.
> > 48 bits in a HBH should be enough.
> 
> Why HBH? Is that to prevent it being sent in a fragment itself? And,
> um, I hate to suggest this, but isn't that sort of exactly what the AH
> header is for? I know, I know.... (covers head, ducks)

SEAL has the *option* to insert a per-segment HMAC that the destination
can use for data origin verification. Sort of like AH, but this is only
one *optional* mode of operation.

But that said, going back to Tony's scenario, why would an adversary
that is already able to get the destination to accept its packets
bother with finessing the reassembly cache? Upper-layer checksums
would weed out bad reassemblies, while the attacker could much
more easily just inject whole packets that are evil.

Thanks - Fred
fred.l.templin@boeing.com

> Regards, K.
> 
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer@biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
> 
> GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
> Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
> 
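The two checks the thread contrasts, a 48-bit per-fragment HMAC like SEAL's optional mode and the upper-layer checksum Fred says weeds out bad reassemblies, as an added Python example that is not from the thread or from SEAL; the shared key, the fragment tuple layout and the sample payload are constructed assumptions.

```python
import hashlib
import hmac
import struct
KEY = b"constructed-demo-key"  # assumption: sender and receiver already share this key

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; verifying a checksummed buffer yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_packet(payload: bytes) -> bytes:
    """Append a transport-style checksum so the receiver can validate a reassembly."""
    return payload + struct.pack("!H", internet_checksum(payload))

def tag48(ident: int, off: int, more: int, chunk: bytes) -> bytes:
    """48-bit truncated HMAC over the fragment header fields and its data."""
    hdr = struct.pack("!IHB", ident, off, more)
    return hmac.new(KEY, hdr + chunk, hashlib.sha256).digest()[:6]

def fragment(ident: int, packet: bytes, size: int = 8) -> list:
    """Split into (ident, offset, more, chunk, tag) tuples; size is a multiple of 8."""
    frags = []
    for off in range(0, len(packet), size):
        chunk = packet[off:off + size]
        more = 1 if off + size < len(packet) else 0
        frags.append((ident, off, more, chunk, tag48(ident, off, more, chunk)))
    return frags

def reassemble(frags: list):
    """Return the packet, or None if any fragment tag fails verification."""
    for ident, off, more, chunk, tag in frags:
        if not hmac.compare_digest(tag, tag48(ident, off, more, chunk)):
            return None  # forged fragment: discard the whole reassembly
    return b"".join(f[3] for f in sorted(frags, key=lambda f: f[1]))

def demo() -> dict:
    pkt = build_packet(b"ABCDEFGHIJKLMNOPQRSTUV")  # constructed sample payload
    good = fragment(0x1234, pkt)
    forged = list(good)  # fragment 1 data replaced by a party that lacks KEY
    forged[1] = (0x1234, 8, 1, b"xxxxxxxx", good[1][4])
    spliced = b"".join(f[3] for f in forged)  # what a tag-less receiver would build
    return {"authentic": reassemble(good) == pkt,
            "forged_dropped": reassemble(forged) is None,
            "checksum_ok": internet_checksum(pkt) == 0,
            "splice_detected": internet_checksum(spliced) != 0}
```

Without per-fragment tags the spliced packet still fails the upper-layer checksum, which is Fred's point; the tag only adds value when the reassembly cache itself is the target.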