Re: [savi] Potential issue for all SAVI mechanisms?

Fred Baker <fred@cisco.com> Tue, 06 September 2011 17:52 UTC

Return-Path: <fred@cisco.com>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 940E521F8CAA for <savi@ietfa.amsl.com>; Tue, 6 Sep 2011 10:52:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.801
X-Spam-Level:
X-Spam-Status: No, score=-102.801 tagged_above=-999 required=5 tests=[AWL=-0.202, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bKe44ZmzbIlv for <savi@ietfa.amsl.com>; Tue, 6 Sep 2011 10:52:54 -0700 (PDT)
Received: from mtv-iport-2.cisco.com (mtv-iport-2.cisco.com [173.36.130.13]) by ietfa.amsl.com (Postfix) with ESMTP id 2AA4021F8CAF for <savi@ietf.org>; Tue, 6 Sep 2011 10:52:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=fred@cisco.com; l=403; q=dns/txt; s=iport; t=1315331681; x=1316541281; h=subject:mime-version:from:in-reply-to:date:cc:message-id: references:to:content-transfer-encoding; bh=5M90FB1na/K7gm4ypaoA7YQvpug9E4XYscUt+7zxAHE=; b=F25gnzqo6BM156Z58QGImJFkPmGKGApf5YLbWjp5I2rv9M88TNSojqRz onX26srORsshu0Yn8IeYmtbdgGg80hzMtMWVW22aEAqNuTvlkVTMHX8hS XZnJaWvKQ8cn16oLxnsJc5vYVFoxxZNFbGxkcudBVl1ZYmHvWVBpwMqUR k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EANldZk6rRDoG/2dsb2JhbABDp314gUYBAQEBAxIBJz8QCxguVwY1ojsBnyuGCmAEh2uLQ4UPjB4
X-IronPort-AV: E=Sophos;i="4.68,339,1312156800"; d="scan'208";a="471775"
Received: from mtv-core-1.cisco.com ([171.68.58.6]) by mtv-iport-2.cisco.com with ESMTP; 06 Sep 2011 17:54:41 +0000
Received: from stealth-10-32-244-219.cisco.com (stealth-10-32-244-219.cisco.com [10.32.244.219]) by mtv-core-1.cisco.com (8.14.3/8.14.3) with ESMTP id p86HsefS027906; Tue, 6 Sep 2011 17:54:40 GMT
Received: from [127.0.0.1] by stealth-10-32-244-219.cisco.com (PGP Universal service); Tue, 06 Sep 2011 10:54:41 -0700
X-PGP-Universal: processed; by stealth-10-32-244-219.cisco.com on Tue, 06 Sep 2011 10:54:41 -0700
Mime-Version: 1.0 (Apple Message framework v1084)
From: Fred Baker <fred@cisco.com>
In-Reply-To: <4E665A4F.9080608@joelhalpern.com>
Date: Tue, 06 Sep 2011 10:54:31 -0700
Message-Id: <B31B8DE2-F666-4C71-9509-AE1DB43520CC@cisco.com>
References: <4E01F2FF.7030108@acm.org> <BANLkTikn45azMHnnduE3BG2o2ttB2Q7syg@mail.gmail.com> <4E0A11D8.5010300@joelhalpern.com> <BANLkTik0fM4xF_iYbZBv6uQ5LwnTS+foyg@mail.gmail.com> <CAA7e52oei4d9A2BcBnpGikreQ575Z1na7U+7oWCwsEvcosQPyg@mail.gmail.com> <000001cc6c8a$a4857c80$ed907580$@it.uc3m.es> <4E662CAF.1010905@joelhalpern.com> <003c01cc6cb7$238670d0$6a935270$@it.uc3m.es> <4E665A4F.9080608@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.1084)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Cc: 'SAVI Mailing List' <savi@ietf.org>, Alberto García <alberto@it.uc3m.es>
Subject: Re: [savi] Potential issue for all SAVI mechanisms?
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Sep 2011 17:52:54 -0000

On Sep 6, 2011, at 10:37 AM, Joel M. Halpern wrote:
> It seems to me much better to note this vulnerability in SAVI, and leave it there.
> If we want it fixed, 6man should simply instruct hosts not to accept RAs or DHCPs in fragmented packets.

Having 6man fix it makes sense to me. I'm not sure how we can fix it in SAVI without asking the switch to reassemble fragmented messages.
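To make the two positions in this exchange concrete, here is an added example (not code from the thread, the SAVI drafts or any vendor implementation) that walks an IPv6 extension-header chain without reassembling anything, the way a per-packet switch filter must. It returns DROP for a Router Advertisement (or any Neighbor Discovery message) or DHCPv6 that arrives inside a fragment, which is the host-side rule Joel proposes, and UNDECIDABLE where a fragment does not even reveal what upper-layer protocol it carries, which is the limit Fred points at. All packets, addresses and the fragment identifier are constructed inline; checksums are left at zero because nothing here verifies them.

```python
"""Fragment-aware triage of IPv6 packets, as a SAVI switch or a host filter might do it.
Added example for this thread, not code from the SAVI drafts. Constructed packets only;
checksums are left at zero since nothing here verifies them."""
import struct
from typing import NamedTuple, Optional, Tuple

# IPv6 Next Header values (RFC 2460 / IANA) and the message types of interest.
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
UDP, ICMPV6 = 17, 58
ND_TYPES = {133, 134, 135, 136, 137}   # RS, RA, NS, NA, Redirect
DHCPV6_PORTS = {546, 547}              # DHCPv6 client / server-or-relay


class Chain(NamedTuple):
    fragmented: bool
    upper: Optional[Tuple[str, int]]   # ("icmpv6", type) | ("udp", dst_port) | ("other", nxt) | None
    note: str


def walk_header_chain(pkt: bytes) -> Chain:
    """Follow the extension-header chain of one packet without reassembling anything."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    end = min(40 + struct.unpack("!H", pkt[4:6])[0], len(pkt))
    nxt, off, fragmented = pkt[6], 40, False
    while nxt in (HOP_BY_HOP, ROUTING, DEST_OPTS, FRAGMENT):
        if nxt == FRAGMENT:
            if off + 8 > end:
                return Chain(True, None, "truncated fragment header")
            fragmented = True
            frag_offset = struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3
            if frag_offset != 0:
                # The upper-layer header travelled in the first fragment, not in this one.
                return Chain(True, None, "non-first fragment")
            nxt, off = pkt[off], off + 8
        else:
            if off + 2 > end:
                return Chain(fragmented, None, "extension header cut by fragment boundary")
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    if nxt == ICMPV6 and off + 4 <= end:
        return Chain(fragmented, ("icmpv6", pkt[off]), "icmpv6 header visible")
    if nxt == UDP and off + 8 <= end:
        return Chain(fragmented, ("udp", struct.unpack("!H", pkt[off + 2:off + 4])[0]), "udp header visible")
    if nxt in (ICMPV6, UDP):
        return Chain(fragmented, None, "upper-layer header beyond first fragment")
    return Chain(fragmented, ("other", nxt), "other upper-layer protocol")


def verdict(pkt: bytes) -> str:
    """PASS: the ordinary SAVI binding check applies.  DROP: ND or DHCPv6 inside a
    fragment (the host rule proposed above).  UNDECIDABLE: a switch cannot tell what
    this fragment carries without reassembly (the objection above)."""
    chain = walk_header_chain(pkt)
    if not chain.fragmented:
        return "PASS"
    if chain.upper is None:
        return "UNDECIDABLE"
    kind, value = chain.upper
    if (kind == "icmpv6" and value in ND_TYPES) or (kind == "udp" and value in DHCPV6_PORTS):
        return "DROP"
    return "PASS"


# --- constructed sample packets (link-local source, all-nodes destination) ----
def ipv6(nxt: int, payload: bytes) -> bytes:
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 0x60000000, len(payload), nxt, 255) + src + dst + payload

def frag_hdr(nxt: int, offset: int, more: bool, ident: int = 0x1234) -> bytes:
    return struct.pack("!BBHI", nxt, 0, (offset << 3) | int(more), ident)

def dest_opts(nxt: int, ext_len: int) -> bytes:
    """Destination Options header of (ext_len+1)*8 bytes, filled with one PadN option."""
    pad = (ext_len + 1) * 8 - 4
    return bytes([nxt, ext_len, 1, pad]) + b"\x00" * pad

def router_advertisement() -> bytes:
    # type 134, code 0, checksum 0, hop limit 64, flags 0, router lifetime 1800, reachable, retrans
    return struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)

def dhcpv6_over_udp() -> bytes:
    body = b"\x01\x00\x00\x01"  # msg-type SOLICIT plus a 3-byte transaction id
    return struct.pack("!HHHH", 547, 546, 8 + len(body), 0) + body

PKT_RA_PLAIN = ipv6(ICMPV6, router_advertisement())
PKT_RA_FRAGMENTED = ipv6(FRAGMENT, frag_hdr(ICMPV6, 0, True) + router_advertisement())
PKT_DHCPV6_FRAGMENTED = ipv6(FRAGMENT, frag_hdr(UDP, 0, False) + dhcpv6_over_udp())
PKT_NONFIRST_FRAGMENT = ipv6(FRAGMENT, frag_hdr(ICMPV6, 1, False) + b"\x00" * 8)
# First fragment whose Destination Options header fills it completely, so the
# ICMPv6 header only appears in a later fragment.
PKT_UPPER_IN_SECOND_FRAGMENT = ipv6(FRAGMENT, frag_hdr(DEST_OPTS, 0, True) + dest_opts(ICMPV6, 1))

if __name__ == "__main__":
    for name in ("PKT_RA_PLAIN", "PKT_RA_FRAGMENTED", "PKT_DHCPV6_FRAGMENTED",
                 "PKT_NONFIRST_FRAGMENT", "PKT_UPPER_IN_SECOND_FRAGMENT"):
        print(f"{name:32s} {verdict(globals()[name])}")
```

The UNDECIDABLE cases are the point of the reply: a non-first fragment carries no upper-layer header at all, and even a first fragment can end before that header when a long Destination Options header precedes it, so a switch that inspects packets one at a time has nothing to validate unless it reassembles. A host, which reassembles anyway, can apply the DROP rule after reassembly; 6man later took that route for Neighbor Discovery in RFC 6980, which forbids ND messages in fragmented packets.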