Re: [v6ops] Limiting the size of the IPv6 header chain (draft-ietf-6man-oversized-header-chain)
Nalini Elkins <nalini.elkins@insidethestack.com> Tue, 11 June 2013 12:57 UTC
Return-Path: <nalini.elkins@insidethestack.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57FBA21F998B for <v6ops@ietfa.amsl.com>; Tue, 11 Jun 2013 05:57:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.882
X-Spam-Level:
X-Spam-Status: No, score=-1.882 tagged_above=-999 required=5 tests=[AWL=0.116, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H6ufCdLl78JK for <v6ops@ietfa.amsl.com>; Tue, 11 Jun 2013 05:56:56 -0700 (PDT)
Received: from nm12.access.bullet.mail.mud.yahoo.com (nm12.access.bullet.mail.mud.yahoo.com [66.94.237.213]) by ietfa.amsl.com (Postfix) with ESMTP id 2A33521F9983 for <v6ops@ietf.org>; Tue, 11 Jun 2013 05:56:56 -0700 (PDT)
Received: from [66.94.237.200] by nm12.access.bullet.mail.mud.yahoo.com with NNFMP; 11 Jun 2013 12:56:55 -0000
Received: from [66.94.237.117] by tm11.access.bullet.mail.mud.yahoo.com with NNFMP; 11 Jun 2013 12:56:55 -0000
Received: from [127.0.0.1] by omp1022.access.mail.mud.yahoo.com with NNFMP; 11 Jun 2013 12:56:55 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 144679.68939.bm@omp1022.access.mail.mud.yahoo.com
Received: (qmail 23247 invoked by uid 60001); 11 Jun 2013 12:56:54 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1370955414; bh=IEIaLMQsj83avTWOoBeQjhK4iC0WSCHp7fmd4I1h1tU=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=vlRc0vCnvPdKy4CxbESw1KMEAepfAkiArF0db3TcUsHtbG7AVWFAKIA/MPTNogn8LB8FjVDZUZKMHznW12dhmlHQcOG0DW2GMupUuQVqZNpd/WGrn5/4/sgvVSGIsoeUd4e+4MsvZ7l7JTo3vjXnmB6QWUOkbhUyrEkiqPNY/Vs=
X-YMail-OSG: _hqHl4MVM1meO.M5jXorGrwt4ct.MzYjFBjIhlFetQS3zP4 gJoHf4ppBW_HqVbYiN.6yDx53ZSGF8q2dVZUJ7MvqKoAzZ0EwV2P3eiE7aqc A1OUYa3kpyk1fad9kQDFhcv1.tcFBnaPmobII6T49dUyM3iqYr2eqvxaSjY4 Cot0fiGWYTvizdjI_CwThjiDR5gPSZoQEBgIQgEjPeE8Q.rU4Z1foahVFZmu zs3x0T4ypc_q_WPMqeZNaL6v_5ya47294i2yZKRmQ52A1.c0DGspiLNlA3gw 5vn2N4To0VXQlLnCyXtJ_oLYNoe5a1MpIhVjxXl5jkaWQL9jwNpVqcjd2rvj Eog89SjH_eM_ud0btcN_9VNwLV_U8pocrFjsNkR1yRoB29HU1gM968L4K7IT GxN1tMrQ_hhWJbtZyJ4WbDZPeZt88k0q3.PoHfUiD_Oi2gztRLIwrrXOSBSO Qru6s.dUyPdH_av4wfDeowUlQkLB5vrKfDd_MvhW1NywfFFOGt3rRnwJvCGD g5CA4cELX8QFVB_Dj0A6a3HgIcDEmRQI3sLNVhGx_BCEmk.vobPQi8G2wX7x VNWqVhRoWfioEj9xHUm50yZ3trrfmF1EGQD8sBWO7Mn5zMw9yT8._v9SVR.p CO2D55D1otVfxr1RAoutHdqj4_WFAEAtE7Yl0ikUYuc1Pn3wiTxaXQq9JMrN q5csHdw--
Received: from [24.130.37.147] by web2802.biz.mail.ne1.yahoo.com via HTTP; Tue, 11 Jun 2013 05:56:54 PDT
X-Rocket-MIMEInfo: 002.001, CgpPbiBKdW4gMTEsIDIwMTMsIGF0IDEyOjIzIEFNLCBjYi5saXN0NiA8Y2IubGlzdDZAZ21haWwuY29tPiB3cm90ZToKCj4gSSBiZWxpZXZlIFdhcnJlbidzIGRhdGEgaGludHMgYXQgdGhlIGlkZWEgdGhhdCB0aGUgcGFja2V0cyB3aWxsIHZhbmlzaCBpZiB0aGV5IGRvbid0IGZpdCBhIHZlcnkgc3BlY2lmaWMgcHJvZmlsZS7CoCAKCj5WZXJ5IGxpa2VseeKApgoKPkFueXRoaW5nIGJleW9uZCB0aGUgYWJpbGl0eSBvZiBteSBkZXZpY2UgdG8gZmlsdGVyIHBvc2VzIGEgc2VjdXJpdHkgcmlzay7CoCAKCj5FeGEBMAEBAQE-
X-Mailer: YahooMailWebService/0.8.146.552
References: <51B6876A.9020202@si6networks.com> <CAD6AjGRuSShUNWE=Dy_e+Y3sVAro-nwyvD8wYy11wN=MfsTXDg@mail.gmail.com> <51B69AB8.3080502@gmail.com> <CAD6AjGSf3LQjfiT-hmKdoDTGxjEQeVSRwUvRKehx=BpNASX7Ww@mail.gmail.com> <51B69FDB.1090809@gmail.com> <CAD6AjGRCKjY83-mD2EMh7bnENksE5AC5ecG5O7K_4H_7PyYW7w@mail.gmail.com> <9636419F-A126-4775-A6C9-3864F8C22323@puck.nether.net>
Message-ID: <1370955414.21828.YahooMailNeo@web2802.biz.mail.ne1.yahoo.com>
Date: Tue, 11 Jun 2013 05:56:54 -0700
From: Nalini Elkins <nalini.elkins@insidethestack.com>
To: Jared Mauch <jared@puck.nether.net>, "cb.list6" <cb.list6@gmail.com>
In-Reply-To: <9636419F-A126-4775-A6C9-3864F8C22323@puck.nether.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-153701192-1501173685-1370955414=:21828"
Cc: Fernando Gont <fgont@si6networks.com>, IPv6 Ops WG <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>
Subject: Re: [v6ops] Limiting the size of the IPv6 header chain (draft-ietf-6man-oversized-header-chain)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Nalini Elkins <nalini.elkins@insidethestack.com>
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2013 12:57:02 -0000
On Jun 11, 2013, at 12:23 AM, cb.list6 <cb.list6@gmail.com> wrote: > I believe Warren's data hints at the idea that the packets will vanish if they don't fit a very specific profile. >Very likely… >Anything beyond the ability of my device to filter poses a security risk. >Example from 2008 of operators turning off header processing: >http://www.gossamer-threads.com/lists/nsp/juniper/15066 >Jared 2008? RH0? Dudes, have we not moved beyond this? _______________________________________________ v6ops mailing list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
- Re: [v6ops] Limiting the size of the IPv6 header … Gert Doering
- Re: [v6ops] Limiting the size of the IPv6 header … Robert Elz
- Re: [v6ops] Limiting the size of the IPv6 header … Nick Hilliard
- Re: [v6ops] [6MAN] Re: Limiting the size of the I… Warren Kumari
- Re: [v6ops] Limiting the size of the IPv6 header … Joe Touch
- [v6ops] Limiting the size of the IPv6 header chai… Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … cb.list6
- Re: [v6ops] Limiting the size of the IPv6 header … Brian E Carpenter
- Re: [v6ops] Limiting the size of the IPv6 header … cb.list6
- Re: [v6ops] Limiting the size of the IPv6 header … Brian E Carpenter
- Re: [v6ops] Limiting the size of the IPv6 header … cb.list6
- Re: [v6ops] Limiting the size of the IPv6 header … Jared Mauch
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Nalini Elkins
- Re: [v6ops] Limiting the size of the IPv6 header … Randy Bush
- Re: [v6ops] [6MAN] Re: Limiting the size of the I… Warren Kumari
- Re: [v6ops] Limiting the size of the IPv6 header … Nalini Elkins
- Re: [v6ops] Limiting the size of the IPv6 header … Randy Bush
- Re: [v6ops] Limiting the size of the IPv6 header … Nalini Elkins
- Re: [v6ops] [6MAN] Re: Limiting the size of the I… Warren Kumari
- Re: [v6ops] Limiting the size of the IPv6 header … Brian E Carpenter
- Re: [v6ops] Limiting the size of the IPv6 header … Sander Steffann
- Re: [v6ops] Limiting the size of the IPv6 header … Mark Andrews
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Joe Touch
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Joe Touch
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Gert Doering
- Re: [v6ops] Limiting the size of the IPv6 header … Joe Touch
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Gert Doering
- Re: [v6ops] Limiting the size of the IPv6 header … Brian E Carpenter
- Re: [v6ops] Limiting the size of the IPv6 header … Joe Touch
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Ole Troan
- Re: [v6ops] Limiting the size of the IPv6 header … Joe Touch
- Re: [v6ops] Limiting the size of the IPv6 header … Ole Troan
- Re: [v6ops] Limiting the size of the IPv6 header … Jeroen Massar
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Ole Troan
- [v6ops] Discussion about header chains (was Re: L… Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Joe Touch
- Re: [v6ops] Limiting the size of the IPv6 header … Joe Touch
- Re: [v6ops] Limiting the size of the IPv6 header … sthaug
- Re: [v6ops] Limiting the size of the IPv6 header … Joe Touch
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Ole Troan
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] Limiting the size of the IPv6 header … Ray Hunter
- Re: [v6ops] [6MAN] Re: Limiting the size of the I… Warren Kumari
- Re: [v6ops] Limiting the size of the IPv6 header … Joe Touch
- Re: [v6ops] Limiting the size of the IPv6 header … Fernando Gont
- Re: [v6ops] [6MAN] Re: Limiting the size of the I… Joe Touch
- Re: [v6ops] [6MAN] Re: Limiting the size of the I… Fernando Gont
- Re: [v6ops] [6MAN] Re: Limiting the size of the I… Mark Andrews
- Re: [v6ops] Limiting the size of the IPv6 header … Arturo Servin
- Re: [v6ops] Limiting the size of the IPv6 header … Brian E Carpenter
- Re: [v6ops] Discussion about header chains (was R… Jeroen Massar
- Re: [v6ops] Limiting the size of the IPv6 header … Randy Bush
- Re: [v6ops] [Int-area] Limiting the size of the I… cb.list6
- Re: [v6ops] Discussion about header chains (was R… Joe Touch
- Re: [v6ops] Discussion about header chains (was R… Jeroen Massar
- Re: [v6ops] Discussion about header chains (was R… Joe Touch
- Re: [v6ops] Discussion about header chains (was R… Jeroen Massar
- Re: [v6ops] Limiting the size of the IPv6 header … Ray Hunter
- Re: [v6ops] Limiting the size of the IPv6 header … Tom Taylor
- Re: [v6ops] Limiting the size of the IPv6 header … Ray Hunter
- Re: [v6ops] Limiting the size of the IPv6 header … Tom Taylor
- Re: [v6ops] Limiting the size of the IPv6 header … Ray Hunter
- Re: [v6ops] Limiting the size of the IPv6 header … Brian E Carpenter
- Re: [v6ops] Limiting the size of the IPv6 header … Brian E Carpenter
- Re: [v6ops] Limiting the size of the IPv6 headerc… Tony Hain
- Re: [v6ops] Limiting the size of the IPv6 headerc… Lorenzo Colitti
- Re: [v6ops] Limiting the size of the IPv6 headerc… Bill Jouris