Re: [Status] SPRING Charter

"John G. Scudder" <jgs@juniper.net> Tue, 15 October 2013 15:46 UTC

From: "John G. Scudder" <jgs@juniper.net>
Date: Tue, 15 Oct 2013 11:45:49 -0400
To: Thomas Narten <narten@us.ibm.com>
Cc: Benoit Claise <bclaise@cisco.com>, "iesg@ietf.org" <iesg@ietf.org>, Jari Arkko <jari.arkko@piuha.net>, "status@ietf.org" <status@ietf.org>, stbryant@cisco.com
Subject: Re: [Status] SPRING Charter

Thomas,

On Oct 15, 2013, at 9:46 AM, Thomas Narten <narten@us.ibm.com> wrote:

> When it comes to IPv6, however, the question of who is capable of
> adding these "segment routes" becomes very significant. If the
> originating end node can add SRs, the attack surface for exploiting
> SRs becomes much more complicated

Do you think if the document set said "a host SHALL NOT add an explicit route" it would make the attack surface less complicated? Why?

FWIW I think the draft charter addresses this concern here:

"There is an assumed trust model such that any node 
imposing an explicit route on a packet is assumed to 
be allowed to do so, however administrative and trust 
boundaries may strip explicit routes from a packet."

Some hosts may be part of the trust domain. Others may not.

--John