Re: [savi] Potential issue for all SAVI mechanisms?
Alberto García <alberto@it.uc3m.es> Mon, 12 September 2011 16:33 UTC
Return-Path: <alberto@it.uc3m.es>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 006C821F8B43 for <savi@ietfa.amsl.com>; Mon, 12 Sep 2011 09:33:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.999
X-Spam-Level:
X-Spam-Status: No, score=-5.999 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SQpmdHkZsrFH for <savi@ietfa.amsl.com>; Mon, 12 Sep 2011 09:33:10 -0700 (PDT)
Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.176.131]) by ietfa.amsl.com (Postfix) with ESMTP id 9FDF921F86DD for <savi@ietf.org>; Mon, 12 Sep 2011 09:33:09 -0700 (PDT)
X-uc3m-safe: yes
Received: from BOMBO (wlap006.it.uc3m.es [163.117.139.189]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp01.uc3m.es (Postfix) with ESMTP id 15C86C283E2; Mon, 12 Sep 2011 18:35:12 +0200 (CEST)
From: Alberto García <alberto@it.uc3m.es>
To: 'Jun Bi' <junbi@cernet.edu.cn>, 'Jean-Michel Combes' <jeanmichel.combes@gmail.com>, 'Fred Baker' <fred@cisco.com>
References: <4E01F2FF.7030108@acm.org><BANLkTikn45azMHnnduE3BG2o2ttB2Q7syg@mail.gmail.com><4E0A11D8.5010300@joelhalpern.com><BANLkTik0fM4xF_iYbZBv6uQ5LwnTS+foyg@mail.gmail.com><CAA7e52oei4d9A2BcBnpGikreQ575Z1na7U+7oWCwsEvcosQPyg@mail.gmail.com><000001cc6c8a$a4857c80$ed907580$@it.uc3m.es><4E662CAF.1010905@joelhalpern.com><003c01cc6cb7$238670d0$6a935270$@it.uc3m.es><4E665A4F.9080608@joelhalpern.com><B31B8DE2-F666-4C71-9509-AE1DB43520CC@cisco.com><CAA7e52oYxY0K+e2NpmMnybdPajXAY3pcgno5Cj_zg+Mw+YqFcA@mail.gmail.com><6808F94D-BDE1-464A-99D7-491D7174EE57@cisco.com> <CAA7e52oFXmHX7PjY_SqwGKDeHEjhWq2M_5Xya0K_HTbjaGXviQ@mail.gmail.com> <C976DDE8C28942CB90A32D06CCAB5B60@junbiVAIOz138>
In-Reply-To: <C976DDE8C28942CB90A32D06CCAB5B60@junbiVAIOz138>
Date: Mon, 12 Sep 2011 18:35:40 +0200
Message-ID: <003701cc716a$028deef0$07a9ccd0$@it.uc3m.es>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFTB4vJwakhVfIfNKzvlDJLZuN+EQINlRVdAbHq4KYA5WEYMgGuC5/rAcdsZG8C+kqQyAIxP+zVAPzbFJICSl3pqwEzQR0CAaz4hQsCi/1NCAGAbyVqlYD0+uA=
Content-Language: es
X-TM-AS-Product-Ver: IMSS-7.0.0.3116-6.8.0.1017-18382.000
Cc: 'SAVI Mailing List' <savi@ietf.org>
Subject: Re: [savi] Potential issue for all SAVI mechanisms?
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Sep 2011 16:33:11 -0000
Hi, For me it's also fine the 'just mentioning the issue and the consequences' approach. Regards, Alberto | -----Mensaje original----- | De: savi-bounces@ietf.org [mailto:savi-bounces@ietf.org] En nombre de Jun | Bi | Enviado el: sábado, 10 de septiembre de 2011 19:12 | Para: Jean-Michel Combes; Fred Baker | CC: SAVI Mailing List; Alberto García | Asunto: Re: [savi] Potential issue for all SAVI mechanisms? | | I vote for "just mentioning the issue and the consequences" | | I agree with Fred and Joel. This common threat should be fixed by 6man or | other WGs working on IPv6 itself. | In SAVI, we just mention the issues (and actually also the requirement to fix | it by other WGs). Especially when the current SAVI charter forbids to change | protocol or create new protocol, our solution is weakened, then it is hard | for us to fix it completely. | | thanks, | Jun Bi | | | | -----原始邮件----- | From: Jean-Michel Combes | Sent: Saturday, September 10, 2011 1:03 AM | To: Fred Baker | Cc: SAVI Mailing List ; Alberto García | Subject: Re: [savi] Potential issue for all SAVI mechanisms? | | OK. Thanks. | | I would appreciate the opinion from other people in the WG (i.e., just | mentioning the issue and the consequences v.s. mentioning the issue and | adding text about a potential solution to mitigate it), please. | | Thanks. | | Best regards. | | JMC. | | 2011/9/9 Fred Baker <fred@cisco.com>: | > | > On Sep 9, 2011, at 8:06 AM, Jean-Michel Combes wrote: | > | >> Hi Fred, | >> | >> same clarification: from your point of view, we have just to mention | >> the issue without adding a potential solution to mitigate it, | >> correct? | > | > Yes. From my perspective, the most likely solution to be developed in | > 6man is to ignore ICMP messages with headers or which arrive | > fragmented, so that sending the messages is at most a bandwidth dos | > but has no other real effect. In SAVI, however, it makes sense to | > mention that there is a problem. | > | >> Thanks. | >> | >> Yours, | >> | >> JMC. | >> | >> 2011/9/6 Fred Baker <fred@cisco.com>: | >>> | >>> On Sep 6, 2011, at 10:37 AM, Joel M. Halpern wrote: | >>>> It seems to me much better to note this vulnerability in SAVI, and | >>>> leave it there. | >>>> If we want it fixed, 6man should simply instruct hosts not to | >>>> accept RAs or DHCPs in fragmented packets. | >>> | >>> having 6man fix it makes sense to me. I'm not sure how we can fix it | >>> in SAVI without asking the switch to reassemble fragmented messages. | >>> _______________________________________________ | >>> savi mailing list | >>> savi@ietf.org | >>> https://www.ietf.org/mailman/listinfo/savi | >>> | > | > | _______________________________________________ | savi mailing list | savi@ietf.org | https://www.ietf.org/mailman/listinfo/savi | | _______________________________________________ | savi mailing list | savi@ietf.org | https://www.ietf.org/mailman/listinfo/savi
- Re: [savi] Potential issue for all SAVI mechanism… Jun Bi
- [savi] Potential issue for all SAVI mechanisms? Jean-Michel Combes
- Re: [savi] Potential issue for all SAVI mechanism… Joel M. Halpern
- Re: [savi] Potential issue for all SAVI mechanism… Jun Bi
- Re: [savi] Potential issue for all SAVI mechanism… Joel M. Halpern
- Re: [savi] Potential issue for all SAVI mechanism… marcelo bagnulo braun
- Re: [savi] Potential issue for all SAVI mechanism… marcelo bagnulo braun
- Re: [savi] Potential issue for all SAVI mechanism… Jun Bi
- Re: [savi] Potential issue for all SAVI mechanism… Mikael Abrahamsson
- Re: [savi] Potential issue for all SAVI mechanism… Jun Bi
- Re: [savi] Potential issue for all SAVI mechanism… Alberto García
- Re: [savi] Potential issue for all SAVI mechanism… Erik Nordmark
- Re: [savi] Potential issue for all SAVI mechanism… Joel M. Halpern
- Re: [savi] Potential issue for all SAVI mechanism… Erik Nordmark
- Re: [savi] Potential issue for all SAVI mechanism… Eric Levy-Abegnoli
- Re: [savi] Potential issue for all SAVI mechanism… Erik Nordmark
- Re: [savi] Potential issue for all SAVI mechanism… Joel M. Halpern
- Re: [savi] Potential issue for all SAVI mechanism… Jean-Michel Combes
- Re: [savi] Potential issue for all SAVI mechanism… Joel M. Halpern
- Re: [savi] Potential issue for all SAVI mechanism… Jean-Michel Combes
- Re: [savi] Potential issue for all SAVI mechanism… Jean-Michel Combes
- Re: [savi] Potential issue for all SAVI mechanism… Guang Yao
- Re: [savi] Potential issue for all SAVI mechanism… Jun Bi
- Re: [savi] Potential issue for all SAVI mechanism… Joel M. Halpern
- Re: [savi] Potential issue for all SAVI mechanism… Jun Bi
- Re: [savi] Potential issue for all SAVI mechanism… Jean-Michel Combes
- Re: [savi] Potential issue for all SAVI mechanism… Jean-Michel Combes
- Re: [savi] Potential issue for all SAVI mechanism… Alberto García
- Re: [savi] Potential issue for all SAVI mechanism… Joel M. Halpern
- Re: [savi] Potential issue for all SAVI mechanism… Alberto García
- Re: [savi] Potential issue for all SAVI mechanism… Joel M. Halpern
- Re: [savi] Potential issue for all SAVI mechanism… Fred Baker
- Re: [savi] Potential issue for all SAVI mechanism… Alberto García
- Re: [savi] Potential issue for all SAVI mechanism… Joel M. Halpern
- Re: [savi] Potential issue for all SAVI mechanism… Jean-Michel Combes
- Re: [savi] Potential issue for all SAVI mechanism… Jean-Michel Combes
- Re: [savi] Potential issue for all SAVI mechanism… Joel M. Halpern
- Re: [savi] Potential issue for all SAVI mechanism… Fred Baker
- Re: [savi] Potential issue for all SAVI mechanism… Jean-Michel Combes
- Re: [savi] Potential issue for all SAVI mechanism… Jun Bi
- Re: [savi] Potential issue for all SAVI mechanism… Alberto García