IETF Logo Mail Archive

Re: Errata for RFC4862

otroan@employees.org Mon, 09 January 2017 12:52 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AF2B129C7A for <ipv6@ietfa.amsl.com>; Mon, 9 Jan 2017 04:52:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.335
X-Spam-Level:
X-Spam-Status: No, score=-1.335 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=employees.org; domainkeys=pass (1024-bit key) header.from=otroan@employees.org header.d=employees.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Sx-XtXXOAuK for <ipv6@ietfa.amsl.com>; Mon, 9 Jan 2017 04:52:18 -0800 (PST)
Received: from inbound03.kjsl.com (inbound03.kjsl.com [IPv6:2001:1868:a100:131::62]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 844A4129C5C for <ipv6@ietf.org>; Mon, 9 Jan 2017 04:52:18 -0800 (PST)
Received: from cowbell.employees.org ([IPv6:2001:1868:a000:17::142]) by ironport03.kjsl.com with ESMTP; 09 Jan 2017 12:51:57 +0000
Received: from cowbell.employees.org (localhost [127.0.0.1]) by cowbell.employees.org (Postfix) with ESMTP id BFAB29CC81; Mon, 9 Jan 2017 04:51:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=employees.org; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s= selector1; bh=gi9XshheLmuzEU5CXvr2I8i+5pk=; b=p6Fit06keINPLEjNC9 SNAZrsqIzGqMMLK6Ydju24dABAN+3MPHxIINtE30dS1EvcUfaecbqWPpxcxhGsyO nLugVeTu1TC772iI5WzuBncfguT3WAv3ECDoCj3dlumwqdzhocT3T6YYDGNIGaUE /9SoTcQyRbEjb9kyKO7xfwEso=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=employees.org; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; q=dns; s= selector1; b=K0ZTXYX+eM65VpeVeKdsrQuNaU8La43W6TqKWtVOuWCzYinSdFs mQUctvv33g37H/NlPTQizRZelzBIVir8LAYsJU9+UjvSPjChCia2YZ/ieBDsfow9 YzHPzQbsrgofi91Mi+L3kucxx9h0y7adopxO1GgfsdN/ZSUJD/o9cIx4=
Received: from h.hanazo.no (unknown [51.175.103.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: otroan) by cowbell.employees.org (Postfix) with ESMTPSA id 8B8E79CC80; Mon, 9 Jan 2017 04:51:56 -0800 (PST)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by h.hanazo.no (Postfix) with ESMTP id D926D7287CE1; Mon, 9 Jan 2017 13:51:54 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Subject: Re: Errata for RFC4862
From: otroan@employees.org
In-Reply-To: <7294d455-f526-6832-be62-b5a2d1473b7e@si6networks.com>
Date: Mon, 09 Jan 2017 13:51:54 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <B02BD61F-8C7C-4E60-9EC8-9F84612DD7C5@employees.org>
References: <CAO42Z2xH9wqXKFjtAbv6isQ3cG1=FNUmkNFq2DGJdqj9BFDVaQ@mail.gmail.com> <E459F5B0-D088-4D74-B92A-9A8671249716@employees.org> <7294d455-f526-6832-be62-b5a2d1473b7e@si6networks.com>
To: Fernando Gont <fgont@si6networks.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/V2cEwG200naEKVxfsKr5imvpxZc>
Cc: 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jan 2017 12:52:19 -0000

Fernando,

>> The current text is crafted both to allow renumbering and to support
>> scenarios where the RA lifetimes are short. I.e. under two hours. 
>> Your proposed changes appear to lock the lifetimes to no less than
>> two hours. Is that correctly understood?
>> 
>> Btw, this might not be appropriate for an erratum, but I do also
>> think we should revisit this behaviour. 
> 
> +1.
> 
> Note, however, that there are other values to be sanity-checked in a
> similar way.

Quite possibly. For this particular one it is arguable of its value though.
If the attacker is controlling a node on a BMA link you have a problem regardless.

O.

v2.23.0 | Report a Bug | By Email