RE: RFC 2461- issue list
Pekka Savola <pekkas@netcore.fi> Fri, 24 October 2003 06:43 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA18598 for <ipv6-archive@odin.ietf.org>; Fri, 24 Oct 2003 02:43:56 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1ACvfc-0000Iy-HP for ipv6-archive@odin.ietf.org; Fri, 24 Oct 2003 02:43:37 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h9O6haip001173 for ipv6-archive@odin.ietf.org; Fri, 24 Oct 2003 02:43:36 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1ACvfc-0000Ig-7F for ipv6-web-archive@optimus.ietf.org; Fri, 24 Oct 2003 02:43:36 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA18572 for <ipv6-web-archive@ietf.org>; Fri, 24 Oct 2003 02:43:25 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1ACvfY-0006XW-00 for ipv6-web-archive@ietf.org; Fri, 24 Oct 2003 02:43:32 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 1ACvfX-0006XT-00 for ipv6-web-archive@ietf.org; Fri, 24 Oct 2003 02:43:32 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1ACvf5-0000CS-LM; Fri, 24 Oct 2003 02:43:03 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1ACveL-000094-0G for ipv6@optimus.ietf.org; Fri, 24 Oct 2003 02:42:17 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA18555 for <ipv6@ietf.org>; Fri, 24 Oct 2003 02:42:05 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1ACveH-0006XC-00 for ipv6@ietf.org; Fri, 24 Oct 2003 02:42:13 -0400
Received: from netcore.fi ([193.94.160.1]) by ietf-mx with esmtp (Exim 4.12) id 1ACveG-0006Wn-00 for ipv6@ietf.org; Fri, 24 Oct 2003 02:42:12 -0400
Received: from localhost (pekkas@localhost) by netcore.fi (8.11.6/8.11.6) with ESMTP id h9O6fZ419931; Fri, 24 Oct 2003 09:41:36 +0300
Date: Fri, 24 Oct 2003 09:41:35 +0300
From: Pekka Savola <pekkas@netcore.fi>
To: "Bound, Jim" <jim.bound@hp.com>
cc: Soliman Hesham <H.Soliman@flarion.com>, ipv6@ietf.org
Subject: RE: RFC 2461- issue list
In-Reply-To: <9C422444DE99BC46B3AD3C6EAFC9711B047CA17F@tayexc13.americas.cpqcorp.net>
Message-ID: <Pine.LNX.4.44.0310240927150.19368-100000@netcore.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: ipv6-admin@ietf.org
Errors-To: ipv6-admin@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Id: IP Version 6 Working Group (ipv6) <ipv6.ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Hi, My initial thought is also that we should not make RFC 2461bis (or 2462bis) include every extension specified since 1998. Those can stay very well in separate drafts. Of course, we should still consider whether we want to enable the base spec to give more flexibility (e.g., the solicitation timers etc.) for those extensions. There is a clear distinction between these two, IMHO. Another thought: if we recycle RFC2461bis to DS, I think we should re-do the implementation reports if we changed the code (not sure whether new reports is _required_..). This may not be a bad thing, as the current implementation reports should (IMHO) be a bit more detailed than that.. However, there are some things which need addressing now. Inline about two IMHO important classes of issues.. On Fri, 24 Oct 2003, Bound, Jim wrote: [...] > > Issue 3: On-link assumptions in 2461 considered harmful. > > This issue was raised by Alain and documented in: > > draft-ietf-v6ops-onlinkassumption-00.txt > > draft-ietf-v6ops-v6onbydefault-00.txt > > Also see related issue in section 2.4 of: > > http://www.ctie.monash.edu.au/ipv6/draft-jinchoi-ipv6-cRA-00.txt > > This is nothing more than a note and should not be put into 2461. On the contrary, I believe this will of critical for the success of IPv6, and MUST BE dealt with. Whether the WG thinks it is just enough to explicitly state the tradeoffs here, or whether the spec needs to be changed is a different subject. > > SEND issues: > > > > Issue 7: All the security discussions (e.g. assuming that AH > > or ESP can be added to the ND messages) will need to > > be put in the context of SEND. > > > > Issue 8: Security considerations section needs to consider issues > > in: draft-ietf-send-psreq-04 > > > > Issue 9: The chicken and egg problem for ND security using IKE > > as specified in: > > draft-arkko-icmpv6-ike-effects-02 > > > > and manual SAs issues addressed in: > > draft-arkko-manual-icmpv6-sas-02 > > ND with IPsec is secure. Mobile creates new attacks. SEND should do > their own spec and add value to ND. ND should not be updated. I argue > and question the entire notion of SEND all the time. Not going there > again. It is simply not needed for non mobile environments. I think it may not have been clear what these issues imply. To me, it seems clear that we will not be creating a new "secure ND" out of RFC2461bis. However, now that we're identified the shortcomings of ND from the SEND work, we MUST include (some) discussion on these subjects in this spec. This may also result in some changes or optional toggles to make "plain ND" a bit more resistant to attacks, but that's not necessary as long as the issues are documented so the implementors and the users of ND are aware of them. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- RFC 2461- issue list Soliman Hesham
- Re: RFC 2461- issue list Erik Nordmark
- RE: RFC 2461- issue list Soliman Hesham
- Re: RFC 2461- issue list Vijay Devarapalli
- Re: RFC 2461- issue list JINMEI Tatuya / 神明達哉
- RE: RFC 2461- issue list Bound, Jim
- RE: RFC 2461- issue list Pekka Savola
- RE: RFC 2461- issue list Soliman Hesham
- RE: RFC 2461- issue list Soliman Hesham
- Re: RFC 2461- issue list Vijay Devarapalli
- Re: RFC 2461- issue list Brian Haberman
- RFC 2460 issue Alain Durand
- RE: RFC 2461- issue list Erik Nordmark
- RE: RFC 2461- issue list Soliman Hesham
- Re: A list of issues for RFC2462 update JinHyeock Choi
- Re: A list of issues for RFC2462 update JinHyeock Choi
- Re: RFC 2461- issue list Francis Dupont
- Re: RFC 2461- issue list Erik Nordmark
- RE: RFC 2461- issue list Soliman Hesham
- Re: RFC 2461- issue list Vijay Devarapalli
- Re: RFC 2460 issue Fred Templin
- Re: RFC 2461- issue list Pekka Savola
- RE: RFC 2461- issue list Soliman Hesham
- Re: RFC 2461- issue list Greg Daley
- Re: RFC 2461- issue list: Prefixes with L=0 JinHyeock Choi
- implementation reports for rfc246[01]bis (Re: RFC… JINMEI Tatuya / 神明達哉
- Re: RFC 2461- issue list JINMEI Tatuya / 神明達哉
- Re: implementation reports for rfc246[01]bis (Re:… Fred Templin
- Re: implementation reports for rfc246[01]bis (Re:… JINMEI Tatuya / 神明達哉
- Re: RFC 2461- issue list Greg Daley