Re: [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
Nick Hilliard <nick@foobar.org> Sun, 25 November 2018 13:00 UTC
Return-Path: <nick@foobar.org>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A9261288EB; Sun, 25 Nov 2018 05:00:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c6LiscVU30Sv; Sun, 25 Nov 2018 05:00:03 -0800 (PST)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A32961277BB; Sun, 25 Nov 2018 05:00:02 -0800 (PST)
X-Envelope-To: ietf@ietf.org
Received: from crumpet.local (089-101-070074.ntlworld.ie [89.101.70.74] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.15.2) with ESMTPSA id wAPCxvIx012227 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 25 Nov 2018 12:59:59 GMT (envelope-from nick@foobar.org)
X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-070074.ntlworld.ie [89.101.70.74] (may be forged) claimed to be crumpet.local
To: Joe Touch <touch@strayalpha.com>
Cc: Fernando Gont <fgont@si6networks.com>, ietf@ietf.org, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org, opsec@ietf.org, tsv-art@ietf.org
References: <154300282321.9639.11604402305352742547@ietfa.amsl.com> <C4886ABA-3BBE-46AE-B2D9-9A6836D7A8BB@strayalpha.com> <2c28d4ac-87de-bcaf-54e8-4e745235c800@gmail.com> <977CA53D-7F72-4443-9DE2-F75F7A7C1569@strayalpha.com> <d6deb7af-99dd-9013-2722-8ebbe00c0b37@si6networks.com> <1CB13135-D87A-4100-8668-D761058E1388@strayalpha.com>
From: Nick Hilliard <nick@foobar.org>
Message-ID: <0f56c25d-7ac7-e534-4e2c-cc09f5154e77@foobar.org>
Date: Sun, 25 Nov 2018 12:59:55 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 PostboxApp/6.1.5
MIME-Version: 1.0
In-Reply-To: <1CB13135-D87A-4100-8668-D761058E1388@strayalpha.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/hV0Ms5XUAn3FJ6Qo8qy_cQWCASE>
Subject: Re: [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Nov 2018 13:00:06 -0000
Joe Touch wrote on 25/11/2018 06:24: > The reality is that standards are not followed, agreed. That does not > imply that we need to relax those standards - instead, it can be > reason to fix broken devices. > > Working at the level of the most broken device is no way to run a > production Internet. > > And claiming that doing so is appropriate for security reasons is > just as broken, as it always has been. Joe, another point of view would be that operator feedback should be welcomed because sometimes protocols are found to be difficult to implement fully, or when implemented fully cause unforeseen consequences. EHs are a good example of this. When originally conceived - for the best of intentions - the spec was sufficiently loose that they were not just unimplementable from a practical point of view, but the spec was open to protocol level security problems. RFC7112 describes some issues relating to EHs, but there are plenty of other examples. How, where and when to filter EH packets creates a bind, no doubt about it. Some EHs are intrinsically troublesome (e.g. anything with hbh processing requirements); others can be processed without issues. The IETF can choose to ignore this problem or get involved and have some influence about what might constitute best practice. If this happens, vendors might even fix some of their silicon. Declaring that the problem exists only on one side won't make the Internet better. Nick
- [Tsv-art] Tsvart last call review of draft-ietf-o… Michael Scharf
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Brian E Carpenter
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Fernando Gont
- Re: [Tsv-art] Tsvart last call review of draft-ie… Fernando Gont
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Nick Hilliard
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Brian E Carpenter
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Christian Huitema
- Re: [Tsv-art] Tsvart last call review of draft-ie… Nick Hilliard
- Re: [Tsv-art] Tsvart last call review of draft-ie… Christian Huitema
- Re: [Tsv-art] Tsvart last call review of draft-ie… Brian E Carpenter
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Fernando Gont
- Re: [Tsv-art] Tsvart last call review of draft-ie… Fernando Gont
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Eric Rescorla
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Ole Troan
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Benjamin Kaduk
- Re: [Tsv-art] Tsvart last call review of draft-ie… Mark Andrews
- Re: [Tsv-art] Tsvart last call review of draft-ie… Brian E Carpenter
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Nick Hilliard
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Stewart Bryant
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Stewart Bryant
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Stewart Bryant
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Christopher Morrow
- Re: [Tsv-art] Tsvart last call review of draft-ie… C. M. Heard
- Re: [Tsv-art] Tsvart last call review of draft-ie… Christopher Morrow
- Re: [Tsv-art] Tsvart last call review of draft-ie… Brian E Carpenter
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Brian E Carpenter
- Re: [Tsv-art] Tsvart last call review of draft-ie… Brian E Carpenter
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ie… Christopher Morrow
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Christopher Morrow
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Brian E Carpenter
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Christopher Morrow
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Mark Andrews
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … David Farmer
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Nick Hilliard
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Nick Hilliard
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Nick Hilliard
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Stewart Bryant
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Ole Troan
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Nick Hilliard
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Nick Hilliard
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Randy Bush
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Ole Troan
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Stewart Bryant
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Ole Troan
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Christian Huitema
- [Tsv-art] HbH flags [Tsvart last call review of d… Brian E Carpenter
- Re: [Tsv-art] HbH flags [Tsvart last call review … Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Joe Touch
- Re: [Tsv-art] HbH flags [Tsvart last call review … Brian E Carpenter
- [Tsv-art] game over, EH [Tsvart last call review … Brian E Carpenter
- Re: [Tsv-art] HbH flags [Tsvart last call review … Joe Touch
- [Tsv-art] ECMP [Tsvart last call review of draft-… Brian E Carpenter
- Re: [Tsv-art] HbH flags [Tsvart last call review … Brian E Carpenter
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Stephen Farrell
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Brian E Carpenter
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Fernando Gont
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Fernando Gont
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Fernando Gont
- Re: [Tsv-art] HbH flags [Tsvart last call review … Joe Touch
- Re: [Tsv-art] HbH flags [Tsvart last call review … Christopher Morrow
- Re: [Tsv-art] HbH flags [Tsvart last call review … Joe Touch
- Re: [Tsv-art] HbH flags [Tsvart last call review … Joe Touch
- Re: [Tsv-art] HbH flags [Tsvart last call review … Christopher Morrow
- Re: [Tsv-art] HbH flags [Tsvart last call review … Christopher Morrow
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Gert Doering
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] [OPSEC] HbH flags [Tsvart last call… Gert Doering
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Brian Trammell (IETF)
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Stewart Bryant
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Stewart Bryant
- Re: [Tsv-art] HbH flags [Tsvart last call review … Ole Troan
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Stewart Bryant
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Ole Troan
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Stewart Bryant
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Gert Doering
- Re: [Tsv-art] HbH flags [Tsvart last call review … Stewart Bryant
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Stewart Bryant
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Stewart Bryant
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Gert Doering
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Ole Troan
- Re: [Tsv-art] HbH flags [Tsvart last call review … Joe Touch
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Spencer Dawkins at IETF
- Re: [Tsv-art] HbH flags [Tsvart last call review … Joe Touch
- Re: [Tsv-art] [OPSEC] HbH flags [Tsvart last call… Joe Touch
- Re: [Tsv-art] HbH flags [Tsvart last call review … Joe Touch
- Re: [Tsv-art] HbH flags [Tsvart last call review … Ole Troan
- Re: [Tsv-art] HbH flags [Tsvart last call review … Stewart Bryant
- Re: [Tsv-art] HbH flags [Tsvart last call review … Joe Touch
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Fernando Gont
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Smith, Donald
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Nick Hilliard
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Ole Troan
- Re: [Tsv-art] game over, EH [Tsvart last call rev… C. M. Heard
- Re: [Tsv-art] [OPSEC] game over, EH [Tsvart last … Jared Mauch
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Jared Mauch
- Re: [Tsv-art] game over, EH [Tsvart last call rev… C. M. Heard
- Re: [Tsv-art] [OPSEC] game over, EH [Tsvart last … Smith, Donald
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Gert Doering
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Nico Williams
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Brian E Carpenter
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Nick Hilliard
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Brian E Carpenter
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Nick Hilliard
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Brian E Carpenter
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Eric Rescorla
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Jared Mauch
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Fernando Gont
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Christopher Morrow
- Re: [Tsv-art] HbH flags [Tsvart last call review … Christopher Morrow
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Gert Doering
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Eric Rescorla
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Jared Mauch
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Eric Rescorla
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Joe Touch
- Re: [Tsv-art] HbH flags [Tsvart last call review … Pete Resnick
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Jared Mauch
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Jared Mauch
- Re: [Tsv-art] HbH flags [Tsvart last call review … Jared Mauch
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Joe Touch
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Nico Williams
- [Tsv-art] OT: TCP session lifetime - Re: game ove… Jared Mauch
- Re: [Tsv-art] OT: TCP session lifetime - Re: game… Nico Williams
- Re: [Tsv-art] game over, EH [Tsvart last call rev… Eric Rescorla
- Re: [Tsv-art] OT: TCP session lifetime - Re: game… Gert Doering
- [Tsv-art] Engaging constructively [HbH flags [Tsv… Alissa Cooper
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Wes Hardaker
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Brian E Carpenter
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Wes Hardaker
- Re: [Tsv-art] [OPSEC] Tsvart last call review of … Fernando Gont
- Re: [Tsv-art] ECMP [Tsvart last call review of dr… Fernando Gont