IETF Logo Mail Archive

Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

Joe Touch <touch@strayalpha.com> Wed, 05 December 2018 14:35 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C191126C01; Wed, 5 Dec 2018 06:35:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.221
X-Spam-Level:
X-Spam-Status: No, score=-1.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qp6WCd_mUeq8; Wed, 5 Dec 2018 06:35:48 -0800 (PST)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E53DD12785F; Wed, 5 Dec 2018 06:35:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=4D8+sekdvngH+2i5IFAcj5I/0X/OHRwGurKIJp0V3a8=; b=m/aQhl1Ey8+Zyxo3F2XF1QcEk 7h86arpKAE/9Xqe9+uzmIU+urN1r5nhtV+dDdunqugKN1RxMkBYlCp1FP/2vAYKPG7mnv+d1ai0FY 906kOTIE9oGeNElU/Wk1+6av48W7UVK8uIFsbiFHW1LEOTnmpteUVj4xXF4q2pDWXolXyRfhP19H3 NyCmoJxx5MRYrkuzUmdreh3m/LM7NGMak2zN7IJG5gExweASEA7+7q98OpnVssSNVRDstzJST3FOC JmImzpMZ6TM5dIFNVtcFqxTkKPFW46VQuNcTjOK8osI2xafAR7AZCdAP4q84EMRaenb4bB3htVV0h 5XZl9zhVA==;
Received: from cpe-172-250-240-132.socal.res.rr.com ([172.250.240.132]:57261 helo=[192.168.1.16]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1gUYHC-000e5M-Oy; Wed, 05 Dec 2018 09:35:47 -0500
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Joe Touch <touch@strayalpha.com>
X-Mailer: iPad Mail (16B92)
In-Reply-To: <49ce09a7-8974-fc74-f2ed-c5ef734095a7@gmail.com>
Date: Wed, 05 Dec 2018 06:35:46 -0800
Cc: Gert Doering <gert@space.net>, IETF-Discussion Discussion <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org, opsec@ietf.org, tsv-art@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <2FF6B298-B948-44C0-9345-FD72FE4901B5@strayalpha.com>
References: <CAL9jLaY4h75KK4Bh-kZC6-5fJupaNdUfm1gK2Dg99jBntMCEyQ@mail.gmail.com> <C47149DC-CAF2-449F-8E18-A0572BBF4746@strayalpha.com> <CAL9jLaYfysKm7qrG=+jq7zV=5ODnSX-tAhBAiTU7SzYF-YmcGw@mail.gmail.com> <728C6048-896E-4B12-B80B-2091D7373D16@strayalpha.com> <CAL9jLaYHVdHr+rVoWeNtXTXgLxbTaX8V9gn3424tvsLW60Kvow@mail.gmail.com> <5E70C208-0B31-4333-BB8C-4D45E678E878@isc.org> <CAN-Dau0go6_Puf0A9e7KBpk0ApJBUvcxYtezxnwNc-8pKJ3PwQ@mail.gmail.com> <4D69FA8E-FB8A-4A16-9CA6-690D8AE33C9E@strayalpha.com> <20181205122142.GJ1543@Space.Net> <F17C4944-09EC-4AAC-84A0-B660E36AAE89@strayalpha.com> <20181205133821.GL1543@Space.Net> <B6280E0C-6B20-43C1-BB34-170FB06F1EF7@strayalpha.com> <49ce09a7-8974-fc74-f2ed-c5ef734095a7@gmail.com>
To: Stewart Bryant <stewart.bryant@gmail.com>
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/1vOg0FJiLDi7bA1PqNgnLNflvpE>
Subject: Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Dec 2018 14:35:50 -0000

There are gaps here, but there in other places:
- the gap between what a protocol needs and what is in the spec
	if HBH isn’t needed and can’t be implemented, remove them
	if HBH is needed, then we need to find a way to have the requirement mean something

A similar problem exists with fragmentation. NIMBYisnm won’t fix it, nor will operator declarations, nor false security declarations.

I don’t have a problem with fixing the STANDARD. I have a problem with an end-run in ops.

Joe

> On Dec 5, 2018, at 6:31 AM, Stewart Bryant <stewart.bryant@gmail.com> wrote:
> 
> 
> As far as I see, this thread illustrates that there is a significant gap between the protocol designers, the protocol implementers and the protocol users. This is something that needs to be addressed if the IETF is not to loose its reason to exist.
> 
> Best regards
> 
> Stewart
> 
> 
>> On 05/12/2018 13:45, Joe Touch wrote:
>> Vendors are not required to lie when claiming IPv6 support.
>> 
>>> On Dec 5, 2018, at 5:38 AM, Gert Doering <gert@space.net> wrote:
>>> 
>>> Hi,
>>> 
>>> On Wed, Dec 05, 2018 at 04:31:17AM -0800, Joe Touch wrote:
>>>>> On Dec 5, 2018, at 4:21 AM, Gert Doering <gert@space.net> wrote:
>>>>> 
>>>>>> On Wed, Dec 05, 2018 at 04:13:47AM -0800, Joe Touch wrote:
>>>>>> Then THAT is the security issue.  Not the packets that cause a broken implementation to have problems.
>>>>> Can we declare folks at IETF that have no idea about operational realities
>>>>> to be a security issue?
>>>> As long as we can do the same for operators that blame protocols for vendor issues.
>>> If a protocol cannot be implemented in a way that can be paid by real world
>>> participants, it's not a vendor issue.
>>> 
>>> Gert Doering
>>>        -- NetMaster
>>> -- 
>>> have you enabled IPv6 on something today...?
>>> 
>>> SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
>>> Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
>>> D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
>>> Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
>>> _______________________________________________
>>> Tsv-art mailing list
>>> Tsv-art@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tsv-art
>

v2.23.0 | Report a Bug | By Email