Re: you have running code ... I-D Action: draft-ietf-6man-ipv6only-flag-03.txt

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 06 November 2018 07:29 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Nick Hilliard <nick@foobar.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
CC: "ipv6@ietf.org" <ipv6@ietf.org>
Subject: Re: you have running code ... I-D Action: draft-ietf-6man-ipv6only-flag-03.txt
Date: Tue, 06 Nov 2018 07:29:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/P5Gzk4DrFoiyAMtNxLihNj6ccTk>

Nick

Just reading you now at the 6MAN WG meeting after making exactly the same point as yours :-(

Too busy here to follow all email messages...

-éric

On 05/11/2018, 18:16, "ipv6 on behalf of Nick Hilliard" <ipv6-bounces@ietf.org on behalf of nick@foobar.org> wrote:

    Brian E Carpenter wrote on 05/11/2018 07:38:
    > And yes, a host MAY ignore it (that's the complement to the SHOULD
    > in the draft). We've never said anything else.
    
    yes, but you have stated "On an IPv6-Only link, IPv4 might be used for 
    malicious purposes and pass unnoticed by IPv6-Only monitoring mechanisms".
    
    If you want ipv6only-flag to be advisory, then you need to remove this 
    bullet-point from the document because the presence or absence of an RA 
    with ipv6only-flag set will not have any effect on malicious use of ipv4 
    on an otherwise "ipv6-only" network.
    
    You cannot use security to justify something unless the proposal 
    provides a mechanism for enforcement; if you have no means of 
    enforcement, it's fluff, not security.
    
    Nick
    
    --------------------------------------------------------------------
    IETF IPv6 working group mailing list
    ipv6@ietf.org
    Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
    --------------------------------------------------------------------