Re: [v6ops] Revised I-D: Advice on RA-Guard Implementation

Fernando Gont <fgont@si6networks.com> Fri, 06 January 2012 16:15 UTC

Message-ID: <4F06DD25.6080506@si6networks.com>
Date: Fri, 06 Jan 2012 08:38:13 -0300
From: Fernando Gont <fgont@si6networks.com>
Organization: SI6 Networks
To: "Gunter Van de Velde (gvandeve)" <gvandeve@cisco.com>
Cc: IPv6 Operations <v6ops@ietf.org>

Hi, Gunter,

On 01/06/2012 07:34 AM, Gunter Van de Velde (gvandeve) wrote:
> Hi Fernando,
> 
> What I wrote to you in a 1-2-1 mail was:
> 
[..]

I was referring to the e-mails you sent me off-list right after this I-D
was presented at the IETF meeting in July 2011. You not only agreed with
pursuing this effort, but also put me in contact with one folk at Cisco,
so that we'd "resubmit" the I-D together.

I've just forwarded you those e-mails off-list. I can copy an excerpt to
the list, if you want.


> I am just not sure it justifies a potential RFC, mainly because it's well
> known access-list avoidance.

So essentially you're saying that the IETF went through the effort of
publishing RFC 6105 even when it was well-known that RA-Guard
could be trivially evaded?

-- Sorry, but I don't buy that.


> I do agree that security section of RA-Guard is not detailed enough,
> particularly taking your work into consideration, and I take blame for that.

There's no "blame" to take. A spec is published, someone finds holes
or "missing stuff", and it gets fixed. That's why we have the "update"
metadata, after all, isn't it?

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492