Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

Gert Doering <gert@space.net> Tue, 27 November 2018 07:35 UTC

Date: Tue, 27 Nov 2018 08:34:56 +0100
From: Gert Doering <gert@space.net>
To: Joe Touch <touch@strayalpha.com>
Cc: Gert Doering <gert@space.net>, Christian Huitema <huitema@huitema.net>, ietf <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org, Nick Hilliard <nick@foobar.org>, OPSEC <opsec@ietf.org>, tsv-art <tsv-art@ietf.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <20181127073456.GB72840@Space.Net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/o6ur2DQqouzHcbxvX76eE350YZw>

Hi,

On Mon, Nov 26, 2018 at 01:59:38PM -0800, Joe Touch wrote:
> > Of course you can build a box that can do everything with the same 
> > speed.  I would recommend to the reader to make himself familiar with
> > current market realities, though, regarding "cost", "power consumption",
> > "feasibility to build in time before the increase in bandwidth has them
> > obsoleted again" and "willingness of customers to pay serious money for 
> > their Internet access".
> 
> If you sold this as "partial IPv6" or "incomplete support for RFC8200",
> then sure. 
> 
> If most of the time these options are not used, then fine - rate limit
> when they come up. But say that's what you're doing. 
> 
> And don't pretend that this is for security purposes. 

So your advice would be to turn off IPv6 support in our network, then?

Because customers are not going to pay money for it, and "no money for it"
is not going to buy me a "full featured and IETF-approved" set of routers.

Reality can be fairly uncomfortable.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279