Re: [savi] Potential issue for all SAVI mechanisms?

Jean-Michel Combes <jeanmichel.combes@gmail.com> Fri, 09 September 2011 17:01 UTC

OK. Thanks.

I would appreciate the opinion from other people in the WG (i.e., just
mentioning the issue and the consequences vs. mentioning the issue
and adding text about a potential solution to mitigate it), please.

Thanks.

Best regards.

JMC.

2011/9/9 Fred Baker <fred@cisco.com>:
>
> On Sep 9, 2011, at 8:06 AM, Jean-Michel Combes wrote:
>
>> Hi Fred,
>>
>> same clarification: from your point of view, we have just to mention
>> the issue without adding a potential solution to
>> mitigate it, correct?
>
> Yes. From my perspective, the most likely solution to be developed in 6man is to ignore ICMP messages with headers or which arrive fragmented, so that sending the messages is at most a bandwidth DoS but has no other real effect. In SAVI, however, it makes sense to mention that there is a problem.
>
>> Thanks.
>>
>> Yours,
>>
>> JMC.
>>
>> 2011/9/6 Fred Baker <fred@cisco.com>:
>>>
>>> On Sep 6, 2011, at 10:37 AM, Joel M. Halpern wrote:
>>>> It seems to me much better to note this vulnerability in SAVI, and leave it there.
>>>> If we want it fixed, 6man should simply instruct hosts not to accept RAs or DHCPs in fragmented packets.
>>>
>>> Having 6man fix it makes sense to me. I'm not sure how we can fix it in SAVI without asking the switch to reassemble fragmented messages.
>
>
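
The host-side rule discussed in the quoted replies (ignore ICMP messages that carry headers or arrive fragmented), sketched as an added example that is not part of the original thread or of any 6man or SAVI document. It assumes "headers" means IPv6 extension headers; `classify`, `ipv6` and the sample packets are hypothetical names and constructed data.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, ICMPV6, UDP = 0, 43, 44, 60, 58, 17
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}

def classify(packet: bytes) -> str:
    """Return 'accept', 'ignore' or 'malformed' for one raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "malformed"
    next_header, offset = packet[6], 40
    saw_ext = fragmented = False
    while next_header in EXT_HEADERS:
        if offset + 8 > len(packet):
            return "malformed"
        saw_ext = True
        if next_header == FRAGMENT:
            fragmented = True
            frag_field = struct.unpack_from("!H", packet, offset + 2)[0]
            next_header = packet[offset]
            if frag_field >> 3:
                # Non-first fragment: the rest of the chain is not in this
                # packet, so only the Fragment header's Next Header is known.
                break
            offset += 8
        else:
            hdr_len = (packet[offset + 1] + 1) * 8
            next_header = packet[offset]
            offset += hdr_len
    # Rule from the thread: ICMPv6 is honoured only when it follows the
    # fixed IPv6 header directly and the packet is not a fragment.
    if next_header == ICMPV6 and (saw_ext or fragmented):
        return "ignore"
    return "accept"

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a constructed test packet, ::1 -> ::1, hop limit 255."""
    addr = bytes(15) + b"\x01"
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255)
    return fixed + addr + addr + payload

RA = bytes([134, 0, 0, 0]) + bytes(12)  # constructed Router Advertisement body
PLAIN = ipv6(ICMPV6, RA)
WITH_DSTOPT = ipv6(DEST_OPTS, bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0]) + RA)
FIRST_FRAG = ipv6(FRAGMENT, bytes([ICMPV6, 0, 0, 1, 0, 0, 0, 7]) + RA[:8])
LATER_FRAG = ipv6(FRAGMENT, bytes([ICMPV6, 0, 0, 8, 0, 0, 0, 7]) + RA[8:])
```

A later fragment whose Fragment header names an extension header instead of ICMPv6 is not caught by this check, which is the case a switch could only resolve by reassembling.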