Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

Joe Touch <touch@strayalpha.com> Mon, 26 November 2018 14:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/GwAPSrjRx2Uhb18_0fBmevhTGsI>


> On Nov 25, 2018, at 11:57 PM, Gert Doering <gert@space.net> wrote:
> 
> Hi,
> 
>> On Sun, Nov 25, 2018 at 09:16:23PM -0800, Joe Touch wrote:
>> I.e., most of the analysis in this document is flat out incorrect in assuming that merely because a packet could cause a router to do work that it is a security risk to handle that packet as intended.
> 
> And then IETF wonders why operators do not feel like time spent on
> providing their input to IETF WGs is well-spent.
> 
> What else can it be, on a real-world device, in today's Internet?

The failure of a device to run as advertised or the failure of an operation to select an appropriate device.

Operators that want to conserve resources without cause are welcome to run their routers inside glass boxes in museums.  Routers do work. Packets cause that work. That work is not an attack unless it is *disproportionate*. That is not shown for nearly any of the cases in this document.

Joe