Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking IPv6 extension headers? (Episode 1000 and counting) (Linux DoS)
Haisheng Yu <hsyu@cfiec.net> Fri, 26 May 2023 04:15 UTC
Return-Path: <hsyu@cfiec.net>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C61DC16951B; Thu, 25 May 2023 21:15:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.782
X-Spam-Level:
X-Spam-Status: No, score=-1.782 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oyo0NojhvG6C; Thu, 25 May 2023 21:15:47 -0700 (PDT)
Received: from smtpbgjp3.qq.com (smtpbgjp3.qq.com [54.92.39.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B722C14CE4C; Thu, 25 May 2023 21:15:45 -0700 (PDT)
X-QQ-mid: bizesmtp84t1685074484t21r4lzf
Received: from DESKTOP-3U2VLEE ( [60.247.14.2]) by bizesmtp.qq.com (ESMTP) with id ; Fri, 26 May 2023 12:14:40 +0800 (CST)
X-QQ-SSF: 00400000000000C0Z000000A0000000
X-QQ-FEAT: HPkwb3INVpB7JSLjnc4mXUsU6qeRAqZ5TMZL4WcPHd14lXLF45OUOuF3nfZtz joOetD2gu8s11zOArrigMZMnrPS21SvbcASdA+sued1HzIrhmcfapNe0cGTpR2hKO3iRk/b YB0iI+t1U1QANxNJ37j/WlV1K5azQlH+1DLDGjLj+V8fWKcmXgoM1R6Fj829wY+w7Q9kgj3 CIxifAhTWrN8j9Jjb3tL6/XjVbbjYkvBS1uaqwR/Vpb3c/K0h8J+XkBC4RMRUwgb7rc1FKJ HbsgsreRJhjcssrnL8WGCWjefJauZ69rjGimamB66NILGusO+bzoFzfqkoeY89/7L5WIEbF 7A7KGLOAlneY79X6qxhotM0H8ocvHxx7VbzDjZK9JqVg1leAtAg795NCYyD2zLqkaJAVuP2 5MsxzMO8VBXZ0bR1wW5UVA==
X-QQ-GoodBg: 2
X-BIZMAIL-ID: 17315564817489890643
Date: Fri, 26 May 2023 12:14:38 +0800
From: Haisheng Yu <hsyu@cfiec.net>
To: "fgont@si6networks.com" <fgont@si6networks.com>
Cc: "brian.e.carpenter@gmail.com" <brian.e.carpenter@gmail.com>, "andrew.campling@419.consulting" <andrew.campling@419.consulting>, "fernando@gont.com.ar" <fernando@gont.com.ar>, "v6ops@ietf.org" <v6ops@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>
Message-ID: <4FCF75B585A1D068+7D9B99BB-B24B-4FE8-A3FD-54877C7C1131@cfiec.net>
In-Reply-To: <f5758380-9967-b67b-744d-dc36b7b599ab@si6networks.com>
References: <11087a11-476c-5fb8-2ede-e1b3b6e95e48@si6networks.com> <CALx6S343f_FPXVxuZuXB4j=nY-SuTEYrnxb3O5OQ3fv5uPwT8g@mail.gmail.com> <CAN-Dau1pTVr6ak9rc9x7irg+aLhq0N8_WOyySqx5Syt74HMX=g@mail.gmail.com> <a087b963-1e12-66bf-b93e-5190ce09914b@si6networks.com> <CALx6S349nNA8L5+_1hrbWayqp8GfTYypWy_SP57c_Xxams=csg@mail.gmail.com> <51a066b3-4b4c-d573-ffbe-d6b44a4f193f@gont.com.ar> <a411a1b0-c521-c456-3d44-d99a1cc0975b@gmail.com> <CWXP265MB5153E4687BE45480DBC5A531C2439@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <27d28224-0cb0-eec2-8d54-f0d175596c85@gmail.com> <f5758380-9967-b67b-744d-dc36b7b599ab@si6networks.com>
X-Mailer: MailMasterPC/4.17.9.1009 (Win10 19H2)
X-CUSTOM-MAIL-MASTER-SENT-ID: 82FB1B92-D3C1-4642-B546-98D7B31EB091
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
X-QQ-SENDSIZE: 520
Feedback-ID: bizesmtp:cfiec.net:qybglogicsvrgz:qybglogicsvrgz6a-0
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/OdFmoZnKbirCsrI_ubIOyz6YBD4>
Subject: Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking IPv6 extension headers? (Episode 1000 and counting) (Linux DoS)
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 May 2023 04:15:51 -0000
I guess it all depends on the TV? e.g., I for one I'm not planning to throw it out just because Sony decided to quit pushing updates (which were never automatic for my set).
https://mail-online.nosdn.127.net/997bfaaa29267122f3b7334a5d4895ce.jpg"> | 喻海生 Haisheng Yu (Johnson) |
下一代互联网关键技术和评测北京市工程研究中心有限公司 13654947748 |
From | Fernando Gont<fgont@si6networks.com> |
Date | 5/25/2023 08:49 |
To |
Brian E Carpenter<brian.e.carpenter@gmail.com>
, Andrew Campling<andrew.campling@419.consulting> , Fernando Gont<fernando@gont.com.ar> |
Cc |
IPv6 Operations<v6ops@ietf.org>
, 6man<ipv6@ietf.org> , opsec@ietf.org<opsec@ietf.org> |
Subject | Re: [v6ops] [OPSEC] [IPv6] Why folks are blocking IPv6 extension headers? (Episode 1000 and counting) (Linux DoS) |
On 23/5/23 00:41, Brian E Carpenter wrote:
[...]
That depends where you choose to apply the zero trust model. As Steve
Bellovin argued many years ago in his distributed firewalls paper,
distributing the trust model to the end systems is best, because you no
longer have to trust any intermediate systems.
Given the amount of things that get connected to the Net (smart bulbs,
refrigerators, etc.) -- and that will super-likely never receive
security updates, you may have to rely on your own network.
For instance, I wouldn't have my smart TV "defend itself".
Cheers,
--
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494
_______________________________________________
v6ops mailing list
v6ops@ietf.org
https://www.ietf.org/mailman/listinfo/v6ops
ÿ
- [OPSEC] Why folks are blocking IPv6 extension hea… Fernando Gont
- Re: [OPSEC] [IPv6] Why folks are blocking IPv6 ex… Tom Herbert
- Re: [OPSEC] [IPv6] Why folks are blocking IPv6 ex… Ted Lemon
- Re: [OPSEC] [IPv6] Why folks are blocking IPv6 ex… David Farmer
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… nalini.elkins@insidethestack.com
- Re: [OPSEC] [IPv6] Why folks are blocking IPv6 ex… Jen Linkova
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Vasilenko Eduard
- Re: [OPSEC] [IPv6] Why folks are blocking IPv6 ex… Fernando Gont
- Re: [OPSEC] [IPv6] Why folks are blocking IPv6 ex… Fernando Gont
- Re: [OPSEC] [IPv6] Why folks are blocking IPv6 ex… Tom Herbert
- Re: [OPSEC] [IPv6] Why folks are blocking IPv6 ex… Andrew Campling
- Re: [OPSEC] [IPv6] Why folks are blocking IPv6 ex… Andrew Campling
- Re: [OPSEC] [IPv6] Why folks are blocking IPv6 ex… Tom Herbert
- Re: [OPSEC] [IPv6] Why folks are blocking IPv6 ex… Tom Herbert
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Nick Buraglio
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… nalini.elkins@insidethestack.com
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Dale W. Carder
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Nick Buraglio
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Nick Buraglio
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Ackermann, Michael
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Xipengxiao
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Michael McBride
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Ackermann, Michael
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Fernando Gont
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Brian E Carpenter
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Ole Troan
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Haisheng Yu
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Andrew Campling
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Bob Natale
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Tom Herbert
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Ole Troan
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… nalini.elkins@insidethestack.com
- Re: [OPSEC] [EXT] Re: [v6ops] [IPv6] Why folks ar… Bob Natale
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… nalini.elkins@insidethestack.com
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… David Farmer
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Tom Herbert
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Michael Richardson
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Ole Trøan
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… nalini.elkins@insidethestack.com
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Ole Troan
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Tom Herbert
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… David Farmer
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Fernando Gont
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Tom Herbert
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… nalini.elkins@insidethestack.com
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Ole Troan
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… nalini.elkins@insidethestack.com
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Fernando Gont
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Fernando Gont
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Tom Herbert
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Tom Herbert
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Brian E Carpenter
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Michael Richardson
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Brian E Carpenter
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Brian E Carpenter
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… hsyu
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Fernando Gont
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Manfredi (US), Albert E
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Fernando Gont
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Arnaud Taddei
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Vasilenko Eduard
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Arnaud Taddei
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Vasilenko Eduard
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Arnaud Taddei
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… nalini.elkins@insidethestack.com
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Tom Herbert
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Tom Herbert
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… nalini.elkins@insidethestack.com
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Manfredi (US), Albert E
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Tom Herbert
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Brian E Carpenter
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Manfredi (US), Albert E
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Bob Natale
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Haisheng Yu
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Warren Kumari
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Ole Troan
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Warren Kumari
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Andrew Campling
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Fernando Gont
- Re: [OPSEC] [IPv6] [v6ops] [EXTERNAL] Re: Why fol… Fernando Gont
- Re: [OPSEC] [v6ops] [IPv6] Why folks are blocking… Fernando Gont
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Fernando Gont
- Re: [OPSEC] [IPv6] [v6ops] [EXTERNAL] Re: Why fol… Tom Herbert
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Tom Herbert
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Tom Herbert
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Fernando Gont
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Clark Gaylord
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Tom Herbert
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Fernando Gont
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Manfredi (US), Albert E
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Brian E Carpenter
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Brian E Carpenter
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Tom Herbert
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Manfredi (US), Albert E
- Re: [OPSEC] [v6ops] [EXTERNAL] Re: [IPv6] Why fol… Andrew Alston
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Tom Herbert
- Re: [OPSEC] [EXTERNAL] Re: [IPv6] [v6ops] Why fol… Andrew Campling
- Re: [OPSEC] [IPv6] [EXTERNAL] Re: [v6ops] Why fol… Tom Herbert
- Re: [OPSEC] [IPv6] [v6ops] Why folks are blocking… Dirk Trossen
- Re: [OPSEC] [IPv6] [EXTERNAL] Re: [v6ops] Why fol… Mike Simpson
- Re: [OPSEC] [IPv6] [EXTERNAL] Re: [v6ops] Why fol… Haisheng Yu
- Re: [OPSEC] [IPv6] [EXTERNAL] Re: [v6ops] Why fol… Nick Hilliard
- Re: [OPSEC] [IPv6] [EXTERNAL] Re: [v6ops] Why fol… Fernando Gont
- Re: [OPSEC] [IPv6] [EXTERNAL] Re: [v6ops] Why fol… Bob Natale