Re: [Status] Jari Arkko's BLOCK on charter-ietf-spring-00-06

"Stefano Previdi (sprevidi)" <sprevidi@cisco.com> Fri, 11 October 2013 18:22 UTC

From: "Stefano Previdi (sprevidi)" <sprevidi@cisco.com>
To: Jari Arkko <jari.arkko@piuha.net>
Thread-Topic: [Status] Jari Arkko's BLOCK on charter-ietf-spring-00-06
Thread-Index: AQHOxXkJIkUwOMl/ZkqgAR6P0mBC/5nuSWsAgAAuAYCAAA9ngIABSPSAgABWyIA=
Date: Fri, 11 Oct 2013 18:22:31 +0000
Message-ID: <E0A1DE675FEC854ABF07D319E556FE643F5693EC@xmb-rcd-x01.cisco.com>
References: <525639F6.8010503@cisco.com> <201310101354.r9ADsib8019588@cichlid.raleigh.ibm.com> <70D84A40-EB41-4D70-983A-DE3EB9FFE876@piuha.net> <5256E527.1030806@cisco.com> <37FBE6FA-0ECE-478A-861A-FD4CC0A8FC74@piuha.net>
In-Reply-To: <37FBE6FA-0ECE-478A-861A-FD4CC0A8FC74@piuha.net>
Cc: "iesg@ietf.org" <iesg@ietf.org>, "status@ietf.org" <status@ietf.org>
Subject: Re: [Status] Jari Arkko's BLOCK on charter-ietf-spring-00-06
List-Id: "Stacked Tunnels for Source Routing \(STATUS\)." <status.ietf.org>

Jari,

On Oct 11, 2013, at 3:11 PM, Jari Arkko wrote:
> After some off-line chatting, I have a proposal for text to be added to the charter:
> 
> There are a number of serious security concerns with source routing at the IP layer [RFC 5095].  As a part of its work, the working group will define the new IPv6-based routing header in a way that blind attacks are never possible, i.e., attackers will be unable to send source routed packets that get successfully processed, without being part of the negotiations for setting up the source routes or being able to eavesdrop on legitimate source routed packets. In some networks this base level security may be complemented with other mechanisms, such as packet filtering, cryptographic security, etc.
> 
> Would this work for people?


That would work for me.

Thanks.
s.



> FWIW from what I can tell, the above should be relatively easily doable, short cookies in headers, etc. It would remove my main concern of accidentally turned on devices becoming a security hole. It would also help deployment, as firewalls might otherwise default to blocking all kinds of routing headers.
> 
> Jari
> 
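The exchange above describes a requirement (a blind, off-path sender must not be able to get a source-routed packet processed) and sketches one way to meet it ("short cookies in headers"). The following Python is an added illustration of that receiver-side check, written for this page; it is not code from the SPRING working group, from either author, or from any RFC. The header layout, the routing type value 99, the 32-bit cookie field and the sample addresses are all constructed for the example and do not match the real SRH wire format.

```python
import os
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed header layout for illustration only; NOT the SPRING/SRH format.
# Fixed part: next_hdr(1) hdr_ext_len(1) routing_type(1) segments_left(1)
# cookie(4), followed by hdr_ext_len/2 IPv6 addresses of 16 octets each.
ROUTING_TYPE_EXAMPLE = 99  # placeholder; not an IANA-assigned routing type
COOKIE_LEN = 4             # "short cookie": 2^32 values, one per provisioned path


@dataclass
class RoutingHeader:
    next_hdr: int
    routing_type: int
    segments_left: int
    cookie: bytes
    segments: List[bytes] = field(default_factory=list)


def pack_header(h: RoutingHeader) -> bytes:
    """Serialize the constructed routing header."""
    if any(len(s) != 16 for s in h.segments) or len(h.cookie) != COOKIE_LEN:
        raise ValueError("bad segment or cookie length")
    hdr_ext_len = 2 * len(h.segments)  # 8-octet units after the first 8 octets
    fixed = struct.pack("!BBBB4s", h.next_hdr, hdr_ext_len,
                        h.routing_type, h.segments_left, h.cookie)
    return fixed + b"".join(h.segments)


def parse_header(data: bytes) -> RoutingHeader:
    """Parse with length and consistency checks; malformed input raises ValueError."""
    if len(data) < 8:
        raise ValueError("truncated fixed part")
    next_hdr, hdr_ext_len, rtype, segs_left, cookie = struct.unpack("!BBBB4s", data[:8])
    if hdr_ext_len % 2:
        raise ValueError("segment list is not a whole number of addresses")
    if len(data) < 8 + 8 * hdr_ext_len:
        raise ValueError("truncated segment list")
    n = hdr_ext_len // 2
    segments = [data[8 + 16 * i: 8 + 16 * (i + 1)] for i in range(n)]
    if segs_left > n:
        raise ValueError("segments_left exceeds segment count")
    return RoutingHeader(next_hdr, rtype, segs_left, cookie, segments)


class SourceRouteValidator:
    """Receiver-side policy: a routing header is processed only if its cookie was
    provisioned on this node when the path was set up. A blind (off-path) sender
    does not know the cookie, so its packets are dropped and counted for alerting."""

    def __init__(self) -> None:
        self.cookies: Set[bytes] = set()
        self.rejected = 0  # feed this counter to monitoring: a rising rate means probing

    def provision(self, cookie: Optional[bytes] = None) -> bytes:
        """Called by the path-setup process; random cookie unless one is supplied."""
        if cookie is None:
            cookie = os.urandom(COOKIE_LEN)
        self.cookies.add(cookie)
        return cookie

    def accept(self, raw: bytes) -> bool:
        """True only for a well-formed header of our type carrying a known cookie."""
        try:
            h = parse_header(raw)
        except ValueError:
            self.rejected += 1
            return False
        if h.routing_type != ROUTING_TYPE_EXAMPLE or h.cookie not in self.cookies:
            self.rejected += 1
            return False
        return True


def demo():
    """Legitimate sender vs. blind sender; returns (legit_accepted, forged_accepted, rejected)."""
    node = SourceRouteValidator()
    cookie = node.provision()  # exchanged during path setup, never on the wire in clear
    seg = bytes.fromhex("20010db8000000000000000000000001")  # constructed 2001:db8::1
    legit = pack_header(RoutingHeader(59, ROUTING_TYPE_EXAMPLE, 1, cookie, [seg]))
    # A sender that was not part of the setup can only guess; each miss is counted.
    forged_ok = 0
    for guess in range(16):
        forged = pack_header(RoutingHeader(59, ROUTING_TYPE_EXAMPLE, 1,
                                           guess.to_bytes(4, "big"), [seg]))
        if node.accept(forged):
            forged_ok += 1
    return node.accept(legit), forged_ok, node.rejected
```

The check gives exactly the base level the proposed charter text asks for and no more: a party that took part in the path setup holds the cookie, and a party that can eavesdrop on a legitimate packet learns it, which is why the text leaves room for filtering or cryptographic protection on top. The `rejected` counter is the detection hook; a node that suddenly sees many unknown-cookie headers is being probed, and that rate (not the individual drops) is what an operator should alarm on.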