Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

David Farmer <farmer@umn.edu> Wed, 05 December 2018 07:00 UTC

From: David Farmer <farmer@umn.edu>
Date: Wed, 05 Dec 2018 01:00:30 -0600
To: Mark Andrews <marka@isc.org>
Cc: morrowc.lists@gmail.com, tsv-art@ietf.org, opsec@ietf.org, IETF-Discussion Discussion <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/iZa2LEFIfJFmr4BW5HKUJzoH7x0>

On Wed, Dec 5, 2018 at 12:15 AM Mark Andrews <marka@isc.org> wrote:

>
> And the correct thing to do is to FIX THE BROKEN PRODUCT.
>
> If an ssh implementation is broken we don’t drop SSH packets.  We fix the
> broken implementation of ssh.
>
> If there is a SQL injection problem we fix that problem rather than
> dropping HTTP and HTTPS packets.
>
> If a router can’t handle all legal packets at line rate the router needs
> to be fixed.
>
> Punting stuff to be processed by the same CPU that processes the routing
> table worked for a while.  There is no rule that says routers can’t have
> multiple CPUs, some of which are dedicated to handling the control plane
> and others that deal with everything else that has been punted.  Design
> the router so that the control plane doesn’t get overloaded and the
> exceptional packets get handled.
>
> Generating PTBs shouldn’t be seen as exceptional.  Fragmented packets
> shouldn’t be seen as exceptional.
>

Even if I agree that is the way routers SHOULD be designed today, I'm not
aware of any that are designed that way.

Further, even if all new routers shipped from today on were designed that
way, which they are not, it would easily take a decade or more for all the
old legacy routers to fade away on the Internet. Those are facts we have to
work with.

-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================