Re: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard
otroan@employees.org Tue, 07 February 2017 21:32 UTC
To: Joe Touch <touch@isi.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/L35-2uquLBvktlXhdsD98KUSWv4>
Cc: 6man WG <ipv6@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-6man-rfc1981bis@ietf.org" <draft-ietf-6man-rfc1981bis@ietf.org>, "tsv-area@ietf.org" <tsv-area@ietf.org>, "Eggert, Lars" <lars@netapp.com>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>

Thanks Joe.

> I'd add one sentence about Fred's observation too:
>
> In addition, spoofed ICMP messages can also affect the correct operation
> of PMTUD.

You don't think that's covered by the existing security considerations:

   This Path MTU Discovery mechanism makes possible two denial-of-service
   attacks, both based on a malicious party sending false Packet Too Big
   messages to a node.

   In the first attack, the false message indicates a PMTU much smaller
   than reality. This should not entirely stop data flow, since the
   victim node should never set its PMTU estimate below the IPv6 minimum
   link MTU. It will, however, result in suboptimal performance.

   In the second attack, the false message indicates a PMTU larger than
   reality. If believed, this could cause temporary blockage as the
   victim sends packets that will be dropped by some router. Within one
   round-trip time, the node would discover its mistake (receiving Packet
   Too Big messages from that router), but frequent repetition of this
   attack could cause lots of packets to be dropped. A node, however,
   should never raise its estimate of the PMTU based on a Packet Too Big
   message, so should not be vulnerable to this attack.

Best regards,
Ole
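
The two receiver-side rules in the quoted security considerations (never go below the IPv6 minimum link MTU, never raise the estimate on a Packet Too Big), shown as an added example that is not part of the message or the draft. The `pmtu_entry` structure, function names and sample values are hypothetical; the 8-byte header layout (type 2, MTU in bytes 4..7) follows RFC 4443, and checksum verification is assumed to happen in the caller.

```c
#include <stddef.h>
#include <stdint.h>

#define IPV6_MIN_LINK_MTU    1280u  /* IPv6 minimum link MTU */
#define ICMP6_PACKET_TOO_BIG 2u     /* ICMPv6 type (RFC 4443) */

enum ptb_result { PTB_MALFORMED, PTB_IGNORED, PTB_LOWERED, PTB_CLAMPED };

/* Hypothetical per-destination state: current PMTU estimate in bytes. */
struct pmtu_entry { uint32_t pmtu; };

/* msg points at the ICMPv6 type byte; checksum assumed verified by caller. */
enum ptb_result pmtu_handle_ptb(struct pmtu_entry *e,
                                const uint8_t *msg, size_t len)
{
    if (len < 8 || msg[0] != ICMP6_PACKET_TOO_BIG)
        return PTB_MALFORMED;
    uint32_t mtu = ((uint32_t)msg[4] << 24) | ((uint32_t)msg[5] << 16) |
                   ((uint32_t)msg[6] << 8)  |  (uint32_t)msg[7];
    if (mtu >= e->pmtu)             /* second attack: never raise the estimate */
        return PTB_IGNORED;
    if (mtu < IPV6_MIN_LINK_MTU) {  /* first attack: floor at the minimum MTU */
        if (e->pmtu == IPV6_MIN_LINK_MTU)
            return PTB_IGNORED;
        e->pmtu = IPV6_MIN_LINK_MTU;
        return PTB_CLAMPED;
    }
    e->pmtu = mtu;
    return PTB_LOWERED;
}

/* Build a constructed 8-byte Packet Too Big header (no invoking packet). */
void make_ptb(uint8_t out[8], uint32_t mtu)
{
    out[0] = ICMP6_PACKET_TOO_BIG; out[1] = 0; out[2] = 0; out[3] = 0;
    out[4] = (uint8_t)(mtu >> 24); out[5] = (uint8_t)(mtu >> 16);
    out[6] = (uint8_t)(mtu >> 8);  out[7] = (uint8_t)mtu;
}

/* Constructed sequence: a plausible 1400, then false 9000, then false 68. */
uint32_t demo_sequence(void)
{
    struct pmtu_entry e = { 1500 };
    const uint32_t reported[] = { 1400, 9000, 68 };
    uint8_t msg[8];
    for (size_t i = 0; i < sizeof reported / sizeof reported[0]; i++) {
        make_ptb(msg, reported[i]);
        pmtu_handle_ptb(&e, msg, sizeof msg);
    }
    return e.pmtu;
}

int main(void) { return demo_sequence() == IPV6_MIN_LINK_MTU ? 0 : 1; }
```
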