Re: [Status] Jari Arkko's BLOCK on charter-ietf-spring-00-06

Stewart Bryant <stbryant@cisco.com> Thu, 10 October 2013 15:07 UTC

To: Thomas Narten <narten@us.ibm.com>
Cc: Jari Arkko <jari.arkko@piuha.net>, "iesg@ietf.org" <iesg@ietf.org>, "status@ietf.org" <status@ietf.org>

On 10/10/2013 14:54, Thomas Narten wrote:
> FWIW, I agree with Jari's base observation about the challenges of
> source routing in IPv6 (and IPv4).
>
> I think a key point is that with IPv6, we are talking (potentially)
> end-to-end exposure of an attack vector. You can have arbitrary end
> nodes anywhere on the Internet injecting traffic that potentially
> directly invokes or impacts source routing. In contrast, one can view
> MPLS as an L2 technology below IP. That means it's deployed in a much
> more restricted setting and a normal sender of TCP/IP has a much more
> restricted attack vector for doing anything that impacts MPLS directly
> (this is key difference). That means the threat surface for attacks
> on MPLS is very different than for IPv6 more generally.
>
> What has torpedoed source routing in IP is precisely that it is done
> at the IP level, where it's difficult to prevent arbitrary attackers
> from anywhere on the Internet creating mischief.
>
> Thomas

Thomas

My point is that just because it is challenging, does not mean we
should accept the challenge if the use case is there.

What is required is charter text that sets the bar appropriately.

Stewart