Re: [Status] Jari Arkko's BLOCK on charter-ietf-spring-00-06

joel jaeggli <joelja@bogus.com> Fri, 11 October 2013 17:26 UTC

From: joel jaeggli <joelja@bogus.com>
Date: Fri, 11 Oct 2013 10:25:50 -0700
To: Ted Lemon <ted.lemon@nominum.com>
Cc: Thomas Narten <narten@us.ibm.com>, Stewart Bryant <stbryant@cisco.com>, Jari Arkko <jari.arkko@piuha.net>, "iesg@ietf.org" <iesg@ietf.org>, "status@ietf.org" <status@ietf.org>
Subject: Re: [Status] Jari Arkko's BLOCK on charter-ietf-spring-00-06

On Oct 11, 2013, at 10:15 AM, Ted Lemon <ted.lemon@nominum.com> wrote:

> On Oct 11, 2013, at 9:11 AM, Jari Arkko <jari.arkko@piuha.net> wrote:
>> Would this work for people? FWIW from what I can tell, the above should be relatively easily doable, short cookies in headers, etc. It would remove my main concern of accidentally turned on devices becoming a security hole. It would also help deployment, as firewalls might otherwise default to blocking all kinds of routing headers.
> 
> WFM, although it sounds an awful lot like a flow label... :)

20 bits is not enough to put the sha1sum of my authentication token in.

>