Re: [v6ops] IPv6 EHs in the Real World (Fwd: New Version Notification for draft-gont-v6ops-ipv6-ehs-in-real-world-02.txt)

joel jaeggli <joelja@bogus.com> Thu, 26 March 2015 22:52 UTC

To: Merike Kaeo <kaeo@merike.com>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>
references: <8D33A146-8721-4C43-8453-0385ED901D79@nominum.com> <5506E21D.80000@bogus.com> <8659A9C4-129C-4DA2-9265-B06D4AA4E262@nominum.com> <20150316.181923.74694044.sthaug@nethelp.no> <alpine.DEB.2.02.1503171452090.20507@uplift.swm.pp.se> <DDC70DDD-58A8-4B94-8F6B-E0FC339BB916@merike.com> <D13982C9.40CCA%evyncke@cisco.com> <52C91C37-7214-4EFD-A0DD-F0842CB45D2E@merike.com>
From: joel jaeggli <joelja@bogus.com>
message-id: <55148DB6.9000204@bogus.com>
Date: Thu, 26 Mar 2015 17:52:38 -0500
in-reply-to: <52C91C37-7214-4EFD-A0DD-F0842CB45D2E@merike.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/eKRlzaQg5u6-m7YVhPzEAeN2vEQ>
Cc: "silvia.hagen@sunny.ch" <silvia.hagen@sunny.ch>, "fgont@si6networks.com" <fgont@si6networks.com>, "v6ops@ietf.org" <v6ops@ietf.org>, "fernando@gont.com.ar" <fernando@gont.com.ar>

On 3/26/15 9:47 AM, Merike Kaeo wrote:
> Sounds good.
> 
> Warren/Joel…I think resurrecting work on Why Operators Filter Fragments (https://tools.ietf.org/html/draft-taylor-v6ops-fragdrop-02) may be a good idea :)

It might be time, though I expect it won't be super warmly received either.

> - merike
> 
> [list may get duplicate of this message since first attempt was blocked due to using email I didn't use to subscribe to list…..apologies in advance]
> 
> On Mar 26, 2015, at 7:37 AM, "Eric Vyncke (evyncke)" <evyncke@cisco.com> wrote:
> 
>> Merike and Fernando,
>>
>> As I wrote a couple of comments on the methodology, I do not mind joining
>> your test campaign ;-)
>>
>> Let's talk perhaps here in Dallas?
>>
>> -éric
>>
>> On 17/03/15 15:10, "Merike Kaeo" <kaeo@merike.com> wrote:
>>
>>>
>>> On Mar 17, 2015, at 6:52 AM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:
>>>
>>>> On Mon, 16 Mar 2015, sthaug@nethelp.no wrote:
>>>>
>>>>>>> Let's live in the real world shall we?
>>>>>>>
>>>>>>> http://customer.comcast.com/help-and-support/internet/email-port-25-no-longer-supported/
>>>>>>
>>>>>> Ah, so the reason that an ISP would enforce ACLs is because of a
>>>>>> protocol with a lousy security model that is only fixable (and even
>>>>>> then, not very) with the help of firewalls.   Fair enough--I had
>>>>>> developed a blind spot about this issue because it's been broken for
>>>>>> so long and we've been reflexively avoiding the brokenness for so long.
>>>>>>
>>>>>> But essentially what's happening here is that we are seeing a design
>>>>>> flaw at layer 7 forcing brokenness at layer 3.   Oops.   Maybe we
>>>>>> should stop reflexively working around this problem and seriously
>>>>>> figure out how to fix it, so that twenty years from now we no longer need
>>>>>> a broken layer 3.
>>>>>
>>>>> I'm all for that. However, I cannot afford to wait 20 years for a fix
>>>>> to the problems. My priorities, as I see them:
>>>>>
>>>>> 1. Protect my network.
>>>>> 2. Within reason, protect my customers.
>>>>> 3. Move traffic to and from my customers, in a semi-optimal way.
>>>>
>>>> Please also add 4. "Protect the Internet from your customers". This is
>>>> something too many miss.
>>>
>>> I for one am really glad that we are getting operational reality input.
>>> Thank you.  FWIW, I'm sitting next to Fernando at a security conference
>>> we are both at and I had offered to help with this draft.  This was a few
>>> months ago.  What I see is that we are in need of some additional
>>> measurements and that will happen.  I would love to see some added input
>>> on this list in how to improve measurements rather than the criticism of
>>> just how current measurements have been done.  Collectively gathering
>>> operational realities is a good thing for added input on how to deal with
>>> EHs.  And FWIW, I am not in favor of deprecating EHs since that is too
>>> drastic but we as a community have to understand where they are
>>> practically used and where they are dropped for reasons that some deem as
>>> necessary.
>>>
>>> - merike
>>>
>>>
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/v6ops
>>