Re: [savi] Potential issue for all SAVI mechanisms?

"Jun Bi" <junbi@cernet.edu.cn> Sat, 10 September 2011 17:10 UTC

From: Jun Bi <junbi@cernet.edu.cn>
To: Jean-Michel Combes <jeanmichel.combes@gmail.com>, Fred Baker <fred@cisco.com>
Date: Sun, 11 Sep 2011 01:12:09 +0800
Cc: SAVI Mailing List <savi@ietf.org>, Alberto García <alberto@it.uc3m.es>
Subject: Re: [savi] Potential issue for all SAVI mechanisms?

I vote for "just mentioning the issue and the consequences"

I agree with Fred and Joel. This common threat should be fixed by 6man or 
other WGs working on IPv6 itself.
In SAVI, we just mention the issues (and actually also the requirement to 
fix it by other WGs). Especially when the current SAVI charter forbids 
changing protocols or creating new protocols, our solution is weakened, and 
then it is hard for us to fix it completely.

thanks,
Jun Bi



-----Original Message-----
From: Jean-Michel Combes
Sent: Saturday, September 10, 2011 1:03 AM
To: Fred Baker
Cc: SAVI Mailing List ; Alberto García
Subject: Re: [savi] Potential issue for all SAVI mechanisms?

OK. Thanks.

I would appreciate the opinion from other people in the WG (i.e., just
mentioning the issue and the consequences vs. mentioning the issue
and adding text about a potential solution to mitigate it), please.

Thanks.

Best regards.

JMC.

2011/9/9 Fred Baker <fred@cisco.com>:
>
> On Sep 9, 2011, at 8:06 AM, Jean-Michel Combes wrote:
>
>> Hi Fred,
>>
>> same clarification: from your point of view, we have just to mention
>> the issue without adding a potential solution to
>> mitigate it, correct?
>
> Yes. From my perspective, the most likely solution to be developed in 6man 
> is to ignore ICMP messages with headers or which arrive fragmented, so 
> that sending the messages is at most a bandwidth DoS but has no other real 
> effect. In SAVI, however, it makes sense to mention that there is a 
> problem.
>
>> Thanks.
>>
>> Yours,
>>
>> JMC.
>>
>> 2011/9/6 Fred Baker <fred@cisco.com>:
>>>
>>> On Sep 6, 2011, at 10:37 AM, Joel M. Halpern wrote:
>>>> It seems to me much better to note this vulnerability in SAVI, and 
>>>> leave it there.
>>>> If we want it fixed, 6man should simply instruct hosts not to accept 
>>>> RAs or DHCPs in fragmented packets.
>>>
>>> having 6man fix it makes sense to me. I'm not sure how we can fix it in 
>>> SAVI without asking the switch to reassemble fragmented messages.
>>> _______________________________________________
>>> savi mailing list
>>> savi@ietf.org
>>> https://www.ietf.org/mailman/listinfo/savi
>>>
>
>