Re: [OPSEC] I-D Action: draft-ietf-opsec-v6-21.txt

Ole Troan <otroan@employees.org> Sat, 09 November 2019 21:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/GwIwgvsjXl86mEQSVlYTghDE-ps>

> On 9 Nov 2019, at 22:35, Bob Hinden <bob.hinden@gmail.com> wrote:
> 
>>>>> The hop-by-hop options header, when present in an IPv6 packet, forces
>>>>> all nodes in the path to inspect this header in the original IPv6
>>>>> specification [RFC2460].  This enables denial of service attacks as
>>>>> most, if not all, routers cannot process this kind of packets in
>>>>> hardware but have to 'punt' this packet for software processing.

I believe this statement is far out of date.
I would recommend getting recent data on this or deleting it.

Cheers 
Ole