Re: [Status] Status of Spring

Stewart Bryant <stbryant@cisco.com> Fri, 11 October 2013 12:50 UTC

Message-ID: <5257F40E.5080700@cisco.com>
Date: Fri, 11 Oct 2013 13:50:22 +0100
From: Stewart Bryant <stbryant@cisco.com>
To: Jari Arkko <jari.arkko@piuha.net>
References: <52569169.20404@cisco.com> <CA+b+ERmj13sz4yi+aQXwGKuu7boOKkz6CbcB9pYXqHV-_FMhSw@mail.gmail.com> <5256F76D.9080905@cisco.com> <16DFA9F1-B523-4A14-B270-FC77B0A1DD43@piuha.net>
In-Reply-To: <16DFA9F1-B523-4A14-B270-FC77B0A1DD43@piuha.net>
Cc: Joel Jaeggli <joelja@bogus.com>, "John G. Scudder" <jgs@bgp.nu>, Alvaro Retana <aretana@cisco.com>, Benoit Claise <bclaise@cisco.com>, Adrian Farrel <adrian@olddog.co.uk>, "status@ietf.org" <status@ietf.org>
Subject: Re: [Status] Status of Spring
Reply-To: stbryant@cisco.com

On 10/10/2013 22:03, Jari Arkko wrote:
> Thanks Stewart and others.
>
> I wanted to add one clarification and some more technical discussion.
>
>> Jari who is the main discuss holder will work with us over
>> the next couple of days to try to get some text that will allow
>> us to go forward.
> I would really like to work with you to get this resolved. I see the issue, as I think do others, but I need your help in the WG to figure out what to do about it. I do not currently have a good idea, but I am sure we'll resolve it somehow. Some of you have already offered help - thanks.
>
> To provide a bit more context why just saying that we'll use it in closed networks is unlikely to work:
>
> The MPLS case was easy because these networks are naturally restricted to specific areas, and there is no way for a random person in some other part of the Internet to send you packets with MPLS labels.
>
> The basic problem with IP is that when someone defines a new source-routing header solution and applies it in network X, it does not affect just X. The code will be on various devices - with RH0 we had it on BSD, Linux, various brands of routers, maybe even on hosts, etc. Often turned on by default, leaving vulnerabilities open in many networks.
>
> We could say that the feature MUST be by default off and can only be enabled upon explicit request from the network manager.
> However, if I have a thousand devices in my network I start to worry that at least one of them has accidentally enabled the feature.
Are we talking routers or devices here?

In the routing world many bad things can happen if a router is misconfigured, so I am not sure how this is special?

>   So now that device could potentially reflect traffic sent to it from the outside to an internal destination.
>   This could be used to subvert firewall policies, DoS attacks on nodes not visible from the Internet, etc. As a result of this worry I now have to turn on filtering on the border of my network for the new routing header. Is there a way around this?
I doubt it, although presumably you will not have enabled forwarding
on the new header unless you intended to forward on it.

Off by default is a good starting position, but is not charter text.
>
> Also, the charter is clear that you are wishing for at least an eventual inter-AS solution. That raises the bar.
The interest here is that people run multiple AS in a DC. We are not talking about this being run on the Internet core.
>
> In any case, I could be completely off base with the above - I have not read your proposed solutions and maybe you are thinking of something completely different, or have already found the clever solutions to the problem. I'm happy to learn more :-)
>

I am unaware of a solution sitting on the table, but the discussion is about the charter text describing what people are going to work on. It is not a detailed evaluation of a solution.

So what we are looking for here is charter text that provides the critical success factors that determine whether a solution can be sent for publication.

Stewart
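The border filtering Jari describes above (dropping packets that carry a routing header at the network edge, with the feature off unless explicitly enabled), as an added example that is not part of this thread or of any IETF document: a Python classifier that walks an IPv6 extension-header chain and applies an off-by-default policy in which RH0 is never accepted. The addresses, the placeholder routing type 250 and the sample packets are constructed.

```python
import ipaddress
import struct

ROUTING_HEADER = 43                     # IPv6 Next Header value of the Routing Header
CHAINABLE = {0, ROUTING_HEADER, 60}     # Hop-by-Hop, Routing, Destination Options
RH0 = 0                                 # Type 0 routing header, deprecated by RFC 5095


def routing_headers(pkt: bytes):
    """Walk the extension-header chain and return the routing types found."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, found = pkt[6], 40, []
    while nxt in CHAINABLE and off + 8 <= len(pkt):
        if nxt == ROUTING_HEADER:
            found.append(pkt[off + 2])          # Routing Type octet
        # Hdr Ext Len counts 8-octet units beyond the first 8 octets.
        nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    return found


def border_verdict(pkt: bytes, permitted_types=frozenset()):
    """Edge policy for traffic from outside: routing headers are off by default,
    only explicitly permitted types pass, and RH0 is dropped regardless."""
    for rtype in routing_headers(pkt):
        if rtype == RH0 or rtype not in permitted_types:
            return "drop"
    return "pass"


# --- constructed sample packets (not captured traffic) ---
def ipv6(src, dst, first_nxt, ext=b"", payload=b"hello"):
    fixed = struct.pack("!IHBB", 6 << 28, len(ext) + len(payload), first_nxt, 64)
    fixed += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return fixed + ext + payload

def routing_ext(nxt, rtype, segs_left, via):
    addr = ipaddress.IPv6Address(via).packed   # one intermediate address
    return struct.pack("!BBBBI", nxt, len(addr) // 8, rtype, segs_left, 0) + addr

def hop_by_hop(nxt):
    return struct.pack("!BBBB", nxt, 0, 1, 4) + b"\x00" * 4   # single PadN option

OUTSIDE, DMZ, INTERNAL = "2001:db8:ffff::1", "2001:db8::10", "2001:db8:1::5"
NEW_TYPE = 250   # placeholder for a hypothetical new routing header type

plain = ipv6(OUTSIDE, DMZ, 17)                                   # plain UDP
rh0_pkt = ipv6(OUTSIDE, DMZ, 0, hop_by_hop(ROUTING_HEADER) + routing_ext(17, RH0, 1, INTERNAL))
new_pkt = ipv6(OUTSIDE, DMZ, ROUTING_HEADER, routing_ext(17, NEW_TYPE, 1, INTERNAL))
```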