IETF Logo Mail Archive

Re: [Spud] endpoint control

Tom Herbert <tom@herbertland.com> Thu, 30 June 2016 00:33 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CBE612D98D for <spud@ietfa.amsl.com>; Wed, 29 Jun 2016 17:33:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rhnys6OXWv9V for <spud@ietfa.amsl.com>; Wed, 29 Jun 2016 17:33:23 -0700 (PDT)
Received: from mail-io0-x235.google.com (mail-io0-x235.google.com [IPv6:2607:f8b0:4001:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C262C12D986 for <spud@ietf.org>; Wed, 29 Jun 2016 17:33:23 -0700 (PDT)
Received: by mail-io0-x235.google.com with SMTP id s63so57995153ioi.3 for <spud@ietf.org>; Wed, 29 Jun 2016 17:33:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=INMh2FAnf2oW6lPzgkty2pvqr3BMKaDcrTyjcYrCESQ=; b=DV8FO718T7zMvOLM53IKfe1jrGKGGlpkIxeUDWzCK6VaHDN7kT7raOGkD6qvQvTziy b7XFURkk5Iy+2egiOPnH9Nn0QLGKgHHFqsiptOuOQ1sMLfFGQY7Ar5rrVM/uybIzYGJP Gn8zucZO/cZBi+in+QH97jftUaNIZnDh+BVBXG7o83QEF+jBZ/jYT3tdWPc6he90ALR0 Bvi/gPKfIcIVWio1DWOmHvu1OX025m8I4HMKH9Wc0NI4bjyX2bnXl+pKV3uvwOhgCI9C IDP4itO7OgFTzf7G0+KVAKnkT5VFAIj7kYRQ92CRKATuqQwFtcbX261YPSfLocUB/vB1 BSzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=INMh2FAnf2oW6lPzgkty2pvqr3BMKaDcrTyjcYrCESQ=; b=MSg2EeCxI3/n48p81oI0YP+LOBORcikYhKbKzKTPgouht4UW4/VHQg/Mg3JhEW9ipU rHsNj0eANsrc/Zj95a1oWd1Xo+EDRwwKkpNdhVvTQp/l+qT7eKtfAyPZDdemBUk7SQXd 4R9qxFMnv5BKMrLvbichHitZo0iLiryJ8i1+LwTwXb4fxxL/W8Y/Nvpkv1PM+4oIcBUU 2kKB+EnVpfqN9/IbRdGWKyLqWa0SOUUDY3Yv+xvsn4JWx2XuRkWdKU3rtAV9BalLf0VV ouCvyM4QS0HgPPKBjLZ5NbByjb1/YYfFCTfEH/g8sLmO5jDyMsEvfAySUF7+jfDVMSoG nr4g==
X-Gm-Message-State: ALyK8tIIj90U/CUi5mMGCS+FxCTPvdY5vftmgwTHK+W5xWvXLM6+k4FCIcMXOv1er/OB31kaZ8gH4gNKETIK1w==
X-Received: by 10.107.11.26 with SMTP id v26mr13555198ioi.107.1467246803010; Wed, 29 Jun 2016 17:33:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.31.134 with HTTP; Wed, 29 Jun 2016 17:33:22 -0700 (PDT)
In-Reply-To: <577461F8.4000003@isi.edu>
References: <A4BAAB326B17CE40B45830B745F70F10EE37ACAE@VOEXM17W.internal.vodafone.com> <CALx6S35DbFk5ZXUf0ob+hziPb1d5xjZvGADP_g-rw=EYKbPOvw@mail.gmail.com> <A4BAAB326B17CE40B45830B745F70F10EE37B7F0@VOEXM17W.internal.vodafone.com> <CALx6S37xeV2Wp=Ms1bF52YPMdYytqCJ_2DMOn9JriykHegBQmw@mail.gmail.com> <577461F8.4000003@isi.edu>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 29 Jun 2016 17:33:22 -0700
Message-ID: <CALx6S37imvOy0Ht9W0xFj1v9HkfRon0RgTH+fBNJxu-H7vmC1w@mail.gmail.com>
To: Joe Touch <touch@isi.edu>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/Ea5CTEgY-yWRi7AjWjTv96HZXj0>
Cc: "Brian Trammell (ietf@trammell.ch)" <ietf@trammell.ch>, "Smith, Kevin, (R&D) Vodafone Group" <Kevin.Smith@vodafone.com>, "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] endpoint control
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2016 00:33:25 -0000

On Wed, Jun 29, 2016 at 5:04 PM, Joe Touch <touch@isi.edu> wrote:
>
>
> On 6/29/2016 4:26 PM, Tom Herbert wrote:
>> ...
>> Probably down to forwarding performance too, as Hop-by-Hop must be processed by all network devices. And deployability as you say; because IPv6 is unfortunately not prevalent yet in mobile core networks...
>>
>> The first problem is being relaxed in 2460bis draft. It allows HBH to
>> be ignored by network devices, which should cover the case where there
>> are "too many options to parse" in a DOS attack.
>
> That doc recognizes that many devices do this, not that this is OK.
>
Here is the wording that I believed was agreed on in 6man for next
version of the 2460bis draft:

"NOTE: While RFC2460 required that all nodes must process the
Hop-by-Hop Options header, it is now expected that nodes only process
the Hop-by-Hop Options header if explicitly configured to do so. Nodes
that do not process or examine the Hop-by-Hop Options header must
ignore it,
and it must be passed on unchanged if forwarded."

As I understand it, the use of "expected" here instead of "SHOULD" or
"MAY" is necessary since 2460 is being proposed to become a full
standard and the protocol behavior can't change in that process. But
for all practical purposes this allows nodes to ignore HBH. Without
this allowance HBH would never be deployable.

Tom

v2.23.0 | Report a Bug | By Email