Re: [Status] Jari Arkko's BLOCK on charter-ietf-spring-00-06

Jari Arkko <jari.arkko@piuha.net> Thu, 10 October 2013 16:39 UTC

From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <201310101354.r9ADsib8019588@cichlid.raleigh.ibm.com>
Date: Thu, 10 Oct 2013 19:39:23 +0300
Message-Id: <70D84A40-EB41-4D70-983A-DE3EB9FFE876@piuha.net>
References: <525639F6.8010503@cisco.com> <201310101354.r9ADsib8019588@cichlid.raleigh.ibm.com>
To: Thomas Narten <narten@us.ibm.com>
Cc: "iesg@ietf.org" <iesg@ietf.org>, "status@ietf.org" <status@ietf.org>, stbryant@cisco.com
Subject: Re: [Status] Jari Arkko's BLOCK on charter-ietf-spring-00-06
List-Id: "Stacked Tunnels for Source Routing \(STATUS\)." <status.ietf.org>

Thomas,

> I think a key point is that with IPv6, we are talking (potentially)
> end-to-end exposure of an attack vector. You can have arbitrary end
> nodes anywhere on the Internet injecting traffic that potentially
> directly invokes or impacts source routing. In contrast, one can view
> MPLS as an L2 technology below IP. That means it's deployed in a much
> more restricted setting and a normal sender of TCP/IP has a much more
> restricted attack vector for doing anything that impacts MPLS directly
> (this is the key difference). That means the threat surface for attacks
> on MPLS is very different than for IPv6 more generally.

Yes - a good point. That is one of those restricted cases where it is possible to provide a reasonably secure solution.

But my understanding is that SPRING was at the IPv6 layer as well as on the MPLS layer… although the charter does not explicitly say it. Just that it is not IPv4…

If SPRING is expected to run at the IPv6 layer, what is the plan to contain the vulnerability?

Jari
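The threat-surface distinction Thomas draws (any IPv6 end node can put a Routing Header on a packet, whereas an MPLS label stack only exists on links inside the provider domain) can be made concrete with a small border filter. The following is an added example written for this archive page, not code from the thread or from any SPRING document: it parses the IPv6 extension-header chain, finds a Routing Header, and applies an illustrative containment policy that forwards source-routed packets only when they arrive on an interface the operator marks as inside the trusted domain. The `from_trusted_domain` flag, the routing type value used in the constructed packets, and the sample addresses are all assumptions for the demonstration.

```python
import ipaddress
import struct

# IPv6 Next Header values (IANA protocol numbers)
IPPROTO_HOPOPTS = 0
IPPROTO_UDP = 17
IPPROTO_ROUTING = 43
IPPROTO_FRAGMENT = 44
IPPROTO_DSTOPTS = 60
# Extension headers this walker understands; anything else ends the chain.
EXT_HEADERS = {IPPROTO_HOPOPTS, IPPROTO_ROUTING, IPPROTO_FRAGMENT, IPPROTO_DSTOPTS}


def walk_extension_headers(pkt: bytes):
    """Yield (header_type, byte_offset) for each extension header of an IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr = pkt[6]          # Next Header field of the fixed 40-byte header
    offset = 40
    while next_hdr in EXT_HEADERS:
        if offset + 8 > len(pkt):
            raise ValueError("truncated extension header")
        yield next_hdr, offset
        if next_hdr == IPPROTO_FRAGMENT:
            hdr_len = 8                       # Fragment header is fixed-size
        else:
            hdr_len = (pkt[offset + 1] + 1) * 8  # Hdr Ext Len excludes the first 8 octets
        next_hdr = pkt[offset]                # every extension header starts with Next Header
        offset += hdr_len


def routing_header_segments_left(pkt: bytes):
    """Return the Segments Left field of the first Routing Header, or None if there is none."""
    for hdr_type, off in walk_extension_headers(pkt):
        if hdr_type == IPPROTO_ROUTING:
            return pkt[off + 3]               # Routing Header byte 3 is Segments Left
    return None


def ingress_policy(pkt: bytes, from_trusted_domain: bool) -> str:
    """Illustrative border policy (an assumption, not a SPRING specification):
    a packet that still has segments to visit is honoured only if it entered
    from inside the trusted domain; from the open Internet it is dropped."""
    seg_left = routing_header_segments_left(pkt)
    if seg_left is None or seg_left == 0:
        return "forward"                      # no source routing left to invoke
    return "forward" if from_trusted_domain else "drop"


def build_ipv6(src: str, dst: str, payload: bytes, segments=None, routing_type: int = 4) -> bytes:
    """Construct a test IPv6 packet, optionally carrying a Routing Header listing `segments`.
    The routing type value is illustrative; the filter above does not depend on it."""
    ext = b""
    first_next_hdr = IPPROTO_UDP
    if segments:
        seg_bytes = b"".join(ipaddress.IPv6Address(s).packed for s in segments)
        # Next Header, Hdr Ext Len (two 8-octet units per address), Routing Type,
        # Segments Left (all segments still to visit), 4 reserved octets.
        ext = struct.pack("!BBBBI", IPPROTO_UDP, 2 * len(segments), routing_type,
                          len(segments), 0) + seg_bytes
        first_next_hdr = IPPROTO_ROUTING
    payload_len = len(ext) + len(payload)
    hdr = struct.pack("!IHBB16s16s", 6 << 28, payload_len, first_next_hdr, 64,
                      ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return hdr + ext + payload


if __name__ == "__main__":
    # Constructed sample traffic (documentation prefix addresses, not real hosts).
    plain = build_ipv6("2001:db8::1", "2001:db8::2", b"hello")
    source_routed = build_ipv6("2001:db8::1", "2001:db8::2", b"hello",
                               segments=["2001:db8:1::1", "2001:db8:2::1"])
    for name, pkt in (("plain", plain), ("source-routed", source_routed)):
        for trusted in (False, True):
            print(f"{name:14s} trusted={trusted!s:5s} -> {ingress_policy(pkt, trusted)}")
```

The point of the example is the asymmetry Thomas describes: the parser has to run on every packet at the domain edge because any Internet host can emit a Routing Header, while an equivalent MPLS filter is only meaningful on internal links where a label stack can appear at all. A real deployment would also need to decide what to do with routing types it does not recognise; the policy here treats any non-zero Segments Left from an untrusted interface as a reason to drop.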