Re: [v6ops] Revised I-D: Advice on RA-Guard Implementation
Fernando Gont <fgont@si6networks.com> Fri, 06 January 2012 16:15 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFB1321F8872 for <v6ops@ietfa.amsl.com>; Fri, 6 Jan 2012 08:15:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.373
X-Spam-Level:
X-Spam-Status: No, score=-0.373 tagged_above=-999 required=5 tests=[AWL=0.087, BAYES_00=-2.599, DATE_IN_PAST_03_06=0.044, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QDgwhYzyUseI for <v6ops@ietfa.amsl.com>; Fri, 6 Jan 2012 08:15:20 -0800 (PST)
Received: from srv01.bbserve.nl (srv01.bbserve.nl [46.21.160.232]) by ietfa.amsl.com (Postfix) with ESMTP id 7EE6521F876C for <v6ops@ietf.org>; Fri, 6 Jan 2012 08:15:19 -0800 (PST)
Received: from [190.48.248.59] (helo=[192.168.123.102]) by srv01.bbserve.nl with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from <fgont@si6networks.com>) id 1RjCRk-0003PO-6p; Fri, 06 Jan 2012 17:15:12 +0100
Message-ID: <4F06DD25.6080506@si6networks.com>
Date: Fri, 06 Jan 2012 08:38:13 -0300
From: Fernando Gont <fgont@si6networks.com>
Organization: SI6 Networks
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111108 Thunderbird/3.1.16
MIME-Version: 1.0
To: "Gunter Van de Velde (gvandeve)" <gvandeve@cisco.com>
References: <4F04F5CA.6010802@si6networks.com> <4269EA985EACD24987D82DAE2FEC62E504DA8736@XMB-AMS-101.cisco.com> <4F06C555.4020509@si6networks.com> <4269EA985EACD24987D82DAE2FEC62E504DA8754@XMB-AMS-101.cisco.com>
In-Reply-To: <4269EA985EACD24987D82DAE2FEC62E504DA8754@XMB-AMS-101.cisco.com>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: IPv6 Operations <v6ops@ietf.org>
Subject: Re: [v6ops] Revised I-D: Advice on RA-Guard Implementation
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jan 2012 16:15:20 -0000
Hi, Gunter, On 01/06/2012 07:34 AM, Gunter Van de Velde (gvandeve) wrote: > Hi Fernando, > > What i wrote to you in a 1-2-1 mail was: > [..] I was referring to the e-mails you sent me off-list right after this I-D was presented at the IETF meeting in July 2011. You not only agreed with pursuing this effort, but also put me in contact with one folk at Cisco, so that we'd "resubmit" the I-D together. I've just forwarded you those e-mails of list. I can copy an excerpt to the list, if you want. > I am just not sure it justifies a potential RFC, mainly because its well > known access-list avoidance. So essentially your saying that the IETF went through the effort of publishing RFC 6105 even when it was it was well-known that RA-Guard could be trivially evaded? -- Sorry, but I don't buy that. > I do agree that security section of RA-Guard is not detailed enough, > particular taking your > work into consideration, and i take blame for that. There's no "blame" to take. An specs is published, someone finds holes or "missing stuff", and it gets fixed. That's why we have the "update" metadata, after all, isn't it? Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- [v6ops] Revised I-D: Advice on RA-Guard Implement… Fernando Gont
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Marc Blanchet
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Fernando Gont
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Simon Perreault
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Gunter Van de Velde (gvandeve)
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Fernando Gont
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Gunter Van de Velde (gvandeve)
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Gert Doering
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Fernando Gont
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Fernando Gont
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Philip Homburg
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Joel jaeggli
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Gert Doering
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Simon Perreault
- Re: [v6ops] Revised I-D: Advice on RA-Guard Imple… Fernando Gont