Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

Gert Doering <gert@space.net> Mon, 26 November 2018 17:53 UTC

Date: Mon, 26 Nov 2018 18:53:37 +0100
From: Gert Doering <gert@space.net>
To: Joe Touch <touch@strayalpha.com>
Cc: Gert Doering <gert@space.net>, Christian Huitema <huitema@huitema.net>, ietf <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org, Nick Hilliard <nick@foobar.org>, OPSEC <opsec@ietf.org>, tsv-art <tsv-art@ietf.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <20181126175336.GW72840@Space.Net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/A7FWql0knN3bXjffbFzBG-ejkMY>

Hi,

On Mon, Nov 26, 2018 at 06:32:43AM -0800, Joe Touch wrote:
> > And then IETF wonders why operators do not feel like time spent on
> > providing their input to IETF WGs is well-spent.
> > 
> > What else can it be, on a real-world device, in today's Internet?
> 
> The failure of a device to run as advertised or the failure of an
> operation to select an appropriate device.

This is where the "real-world" bit comes into play.

> Operators that want to conserve resources without cause are welcome
> to run their routers inside glass boxes in museums.  Routers do
> work. Packets cause that work. That work is not an attack unless
> it is *disproportionate*. That is not shown for nearly any of the
> cases in this document.

As people have explained in great detail, there's work that the routers
are built to do, where the number of packets they can handle is nearly
arbitrarily high.

Then there's packets that are seen as an exception, and handled in a
not-as-powerful path.  Back then, when the Internet was new, these 
exceptional packets were considered "something we'll handle when the 
need arises", and it mostly worked.  Today, whenever anything that is
connected to the real Internet has a weakness, it will be abused.  Thus, these
packets will have to be rate-limited, up to the point of uselessness.

Of course you can build a box that can do everything with the same 
speed.  I would recommend to the reader to make himself familiar with
current market realities, though, regarding "cost", "power consumption",
"feasibility to build in time before the increase in bandwidth has them
obsoleted again" and "willingness of customers to pay serious money for 
their Internet access".

Gert Doering
        -- Operator
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
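
The slow-path argument in the message above, modelled as an added example (not part of the original e-mail and not any vendor's implementation): a token-bucket policer in front of the exception path, fed with legitimate and excess punted packets. Assumptions: only packets whose first Next Header is Hop-by-Hop Options are punted, the policer runs at 100 packets/s, and all packets and traffic rates are constructed.

```python
import struct

HOP_BY_HOP = 0   # IPv6 Next Header value for Hop-by-Hop Options
TCP = 6

def ipv6_packet(next_header, payload=b""):
    """Constructed minimal IPv6 packet: 40-byte fixed header plus payload."""
    first_word = 6 << 28                       # version 6, zero class and flow label
    src = dst = bytes(16)                      # placeholder addresses
    header = struct.pack("!IHBB", first_word, len(payload), next_header, 64)
    return header + src + dst + payload

def needs_slow_path(pkt):
    """Assumption: only a leading Hop-by-Hop header sends a packet to the slow path."""
    return pkt[6] == HOP_BY_HOP                # Next Header is byte 6 of the fixed header

class Policer:
    """Token bucket guarding the slow path: `rate` packets/s, at most `burst` tokens."""
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def simulate(legit_pps, flood_pps, seconds=10, rate=100, burst=100):
    """Fraction of legitimate punted packets that get through the policer."""
    # Hop-by-Hop header: next=TCP, ext len 0, PadN option (type 1, 4 bytes of padding)
    hbh = ipv6_packet(HOP_BY_HOP, bytes([TCP, 0, 1, 4, 0, 0, 0, 0]))
    events = [(i / legit_pps, True, hbh) for i in range(legit_pps * seconds)]
    events += [(i / flood_pps, False, hbh) for i in range(flood_pps * seconds)]
    policer, served = Policer(rate, burst), 0
    for now, is_legit, pkt in sorted(events):
        # The policer cannot tell the two sources apart; every punted packet costs a token.
        if needs_slow_path(pkt) and policer.allow(now) and is_legit:
            served += 1
    return served / (legit_pps * seconds)
```

With 50 legitimate packets/s and no excess traffic every packet is served; adding 10,000 excess packets/s of the same kind leaves the legitimate share close to zero, which is the "rate-limited up to the point of uselessness" outcome the message describes.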