Re: [savi] Potential issue for all SAVI mechanisms?

Alberto García <alberto@it.uc3m.es> Mon, 12 September 2011 16:33 UTC

From: Alberto García <alberto@it.uc3m.es>
To: 'Jun Bi' <junbi@cernet.edu.cn>, 'Jean-Michel Combes' <jeanmichel.combes@gmail.com>, 'Fred Baker' <fred@cisco.com>
Date: Mon, 12 Sep 2011 18:35:40 +0200
Cc: 'SAVI Mailing List' <savi@ietf.org>
Subject: Re: [savi] Potential issue for all SAVI mechanisms?

Hi,
For me the 'just mentioning the issue and the consequences' approach is also fine.

Regards,
Alberto

|  -----Original Message-----
|  From: savi-bounces@ietf.org [mailto:savi-bounces@ietf.org] On Behalf Of Jun
|  Bi
|  Sent: Saturday, 10 September 2011 19:12
|  To: Jean-Michel Combes; Fred Baker
|  CC: SAVI Mailing List; Alberto García
|  Subject: Re: [savi] Potential issue for all SAVI mechanisms?
|  
|  I vote for "just mentioning the issue and the consequences"
|  
|  I agree with Fred and Joel. This common threat should be fixed by 6man or
|  other WGs working on IPv6 itself.
|  In SAVI, we just mention the issues (and actually also the requirement for
|  other WGs to fix it). Especially when the current SAVI charter forbids changing
|  a protocol or creating a new protocol, our solution is weakened, so it is hard
|  for us to fix it completely.
|  
|  thanks,
|  Jun Bi
|  
|  
|  
|  -----Original Message-----
|  From: Jean-Michel Combes
|  Sent: Saturday, September 10, 2011 1:03 AM
|  To: Fred Baker
|  Cc: SAVI Mailing List ; Alberto García
|  Subject: Re: [savi] Potential issue for all SAVI mechanisms?
|  
|  OK. Thanks.
|  
|  I would appreciate the opinion from other people in the WG (i.e., just
|  mentioning the issue and the consequences vs. mentioning the issue and
|  adding text about a potential solution to mitigate it), please.
|  
|  Thanks.
|  
|  Best regards.
|  
|  JMC.
|  
|  2011/9/9 Fred Baker <fred@cisco.com>:
|  >
|  > On Sep 9, 2011, at 8:06 AM, Jean-Michel Combes wrote:
|  >
|  >> Hi Fred,
|  >>
|  >> same clarification: from your point of view, we have just to mention
|  >> the issue without adding a potential solution to mitigate it,
|  >> correct?
|  >
|  > Yes. From my perspective, the most likely solution to be developed in
|  > 6man is to ignore ICMP messages with headers or which arrive
|  > fragmented, so that sending the messages is at most a bandwidth DoS
|  > but has no other real effect. In SAVI, however, it makes sense to
|  > mention that there is a problem.
|  >
|  >> Thanks.
|  >>
|  >> Yours,
|  >>
|  >> JMC.
|  >>
|  >> 2011/9/6 Fred Baker <fred@cisco.com>:
|  >>>
|  >>> On Sep 6, 2011, at 10:37 AM, Joel M. Halpern wrote:
|  >>>> It seems to me much better to note this vulnerability in SAVI, and
|  >>>> leave it there.
|  >>>> If we want it fixed, 6man should simply instruct hosts not to
|  >>>> accept RAs or DHCPs in fragmented packets.
|  >>>
|  >>> having 6man fix it makes sense to me. I'm not sure how we can fix it
|  >>> in SAVI without asking the switch to reassemble fragmented messages.
|  >>> _______________________________________________
|  >>> savi mailing list
|  >>> savi@ietf.org
|  >>> https://www.ietf.org/mailman/listinfo/savi
|  >>>
|  >
|  >