Re: AUTH48 changes to draft-ietf-6man-rfc6434-bis-09

Carsten Bormann <cabo@tzi.org> Thu, 20 December 2018 17:35 UTC

Cc: 6man WG <ipv6@ietf.org>, draft-ietf-6man-rfc6434-bis@ietf.org, 6man Chairs <6man-chairs@ietf.org>
To: Suresh Krishnan <suresh.krishnan@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/KbzklEzDlNVlFlzd45UiB8U-ix4>

On Dec 20, 2018, at 07:20, Suresh Krishnan <suresh.krishnan@gmail.com> wrote:
> 
> NEW:
> 
> As per RFC 6980, hosts MUST NOT employ IPv6 fragmentation for sending any of the following Neighbor Discovery and SEcure Neighbor Discovery messages: Neighbor Solicitation, Neighbor Advertisement, Router Solicitation, Router Advertisement, Redirect, or Certification Path Solicitation.

Is it intentional that this places a requirement only on senders, not on receivers?
It’s the receivers that are subject to the attacks enabled by fragmentation, so they are the ones that would need to ignore fragmented ND messages.

Regards, Carsten
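
A receiver-side check of the kind the message describes, as an added example that is not part of the thread or of any draft text: it walks a raw IPv6 packet's extension headers and drops the listed ND messages when a Fragment header precedes them. The function names, verdict strings and sample packets are assumptions constructed for illustration.

```python
import struct

# ICMPv6 type numbers of the messages listed in the quoted text.
ND_NO_FRAG = {133, 134, 135, 136, 137, 148}  # RS, RA, NS, NA, Redirect, CPS
HOP_BY_HOP, ROUTING, FRAGMENT, ICMPV6, DEST_OPTS = 0, 43, 44, 58, 60

def nd_verdict(packet: bytes) -> str:
    """Classify one raw IPv6 packet as 'drop', 'accept' or 'defer'.
    'defer' is a non-first fragment: the reassembly code must tag the rebuilt
    packet as fragmented. The ICMPv6 checksum is not verified here."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop"                          # not a complete IPv6 header
    next_hdr, offset, fragmented = packet[6], 40, False
    # Only these four extension headers are walked; anything else ends the walk.
    while next_hdr in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            return "drop"                      # truncated extension header
        if next_hdr == FRAGMENT:
            fragmented = True
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return "defer"                 # fragment offset != 0
            hdr_len = 8
        else:
            hdr_len = (packet[offset + 1] + 1) * 8
        next_hdr, offset = packet[offset], offset + hdr_len
    if next_hdr != ICMPV6:
        return "accept"                        # not ICMPv6, out of scope here
    if offset >= len(packet):
        return "drop"                          # ICMPv6 type byte missing
    return "drop" if fragmented and packet[offset] in ND_NO_FRAG else "accept"

# Constructed sample packets; build() and frag() are hypothetical helpers.
SRC, DST = (bytes.fromhex(p + "00" * 13 + "01") for p in ("fe80", "ff02"))

def build(next_hdr: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 255) + SRC + DST + payload

def frag(next_hdr: int, offset_units: int = 0, more: int = 0) -> bytes:
    return struct.pack("!BBHI", next_hdr, 0, (offset_units << 3) | more, 0x1234)

RA = bytes([134, 0]) + bytes(14)               # Router Advertisement, zero checksum
DOPT = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])  # Destination Options with one PadN
SAMPLES = {
    "plain RA": build(ICMPV6, RA),
    "atomic-fragment RA": build(FRAGMENT, frag(ICMPV6) + RA),
    "DestOpts + first fragment": build(DEST_OPTS, DOPT + frag(ICMPV6, 0, 1) + RA[:8]),
    "later fragment": build(FRAGMENT, frag(ICMPV6, 1) + RA[8:]),
}
if __name__ == "__main__":
    print({name: nd_verdict(pkt) for name, pkt in SAMPLES.items()})
```
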