Re: [v6ops] Reminder: draft-ietf-v6ops-tunnel-loops WGLC

Mark Townsley <mark@townsley.net> Mon, 11 April 2011 10:30 UTC

From: Mark Townsley <mark@townsley.net>
Date: Mon, 11 Apr 2011 12:30:39 +0200
To: Fred Baker <fred@cisco.com>
Cc: IPv6 Ops WG <v6ops@ietf.org>, Ron Bonica <ron@bonica.org>


I think we should have much stronger language here that filtering of protocol 41 packets breaks 6to4, along with pointers to the relevant documents discussed in v6ops as to why this causes problems. It's more than "may not be suitable for scenarios where IPv4 connectivity is essential on all interfaces" as this action can have real adverse effects on unsuspecting users.


3.2.1.1.  Filtering IPv4 Protocol-41 Packets

   In this measure a tunnel router may drop all IPv4 protocol-41 packets
   received or sent over interfaces that are attached to an untrusted
   IPv4 network.  This will cut off any IPv4 network as a shared link.
   This measure has the advantage of simplicity.  However, such a
   measure may not always be suitable for scenarios where IPv4
   connectivity is essential on all interfaces.


Further, I believe we should be very clear in the abstract that this is an attack vector for which there are (at the time of writing) no known reports of any malicious attacks utilizing said vector.

- Mark


On Apr 6, 2011, at 7:59 AM, Fred Baker wrote:

> 
> On Mar 31, 2011, at 11:30 AM, Fred Baker wrote:
> 
>> This is to initiate a one week working group last call of draft-ietf-v6ops-tunnel-loops; it will close a week from Friday. The IESG reviewed the document and asked for changes; we need to be sure we are comfortable with the changes. The diff from the version sent to the IESG last November is at http://tinyurl.com/6dhowhf
>> 
>> Please read it now. If you find nits (spelling errors, minor suggested wording changes, etc), comment to the authors; if you find greater issues, such as disagreeing with a statement or finding additional issues that need to be addressed, please post your comments to the list.
> 
> WGLC closing Sunday. Any comments on the draft?
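As an added example (not from the draft or from this thread), the following Python contrasts the blanket protocol-41 filter of section 3.2.1.1 with a narrower check that only admits 6to4 packets whose inner 2002::/16 source embeds the outer IPv4 source, which is the ingress consistency check of RFC 3964 rather than anything the draft text above prescribes; the packet layout, addresses (RFC 5737 documentation ranges) and function names are constructed here.

```python
# Added example: how a blanket "drop protocol 41" filter (section 3.2.1.1)
# also drops legitimate 6to4, while an embedded-address consistency check
# (RFC 3964 style, assumed here) keeps consistent 6to4 and drops the rest.
import ipaddress
import struct

PROTO_IPV6_ENCAP = 41                                # IPv6-in-IPv4 (6to4, ISATAP)
SIXTO4_PREFIX = ipaddress.IPv6Network("2002::/16")   # 6to4 prefix, RFC 3056


def parse_ipv4(pkt: bytes):
    """Return (protocol, src, dst, payload) from a minimal IPv4 header."""
    ihl = (pkt[0] & 0x0F) * 4                        # header length in bytes
    proto = pkt[9]
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    return proto, src, dst, pkt[ihl:]


def blanket_filter(pkt: bytes) -> str:
    """Section 3.2.1.1 measure: drop every protocol-41 packet on the untrusted side."""
    proto, *_ = parse_ipv4(pkt)
    return "drop" if proto == PROTO_IPV6_ENCAP else "accept"


def consistency_filter(pkt: bytes) -> str:
    """Narrower check: accept only 6to4 packets whose inner 2002:V4ADDR::/48
    source embeds the outer IPv4 source; drop other protocol-41 traffic."""
    proto, src4, _, payload = parse_ipv4(pkt)
    if proto != PROTO_IPV6_ENCAP:
        return "accept"                              # not a tunnel packet
    src6 = ipaddress.IPv6Address(payload[8:24])      # inner IPv6 source address
    if src6 not in SIXTO4_PREFIX:
        return "drop"
    embedded = ipaddress.IPv4Address(src6.packed[2:6])   # V4ADDR bits 16..47
    return "accept" if embedded == src4 else "drop"


def build_packet(src4: str, dst4: str, proto: int, src6: str) -> bytes:
    """Constructed sample: 20-byte IPv4 header carrying a 40-byte IPv6 header."""
    inner = struct.pack("!IHBB", 0x60000000, 0, 59, 64)   # v6, next header 59, hop 64
    inner += ipaddress.IPv6Address(src6).packed
    inner += ipaddress.IPv6Address("2002:c633:6407::1").packed   # 6to4 form of dst4
    total = 20 + len(inner)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                        ipaddress.IPv4Address(src4).packed,
                        ipaddress.IPv4Address(dst4).packed)
    return outer + inner
```

Running `blanket_filter` on a consistent 6to4 packet returns "drop", which is the breakage the message above objects to; `consistency_filter` keeps it and drops a packet whose inner 2002: source does not match the outer IPv4 source.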