Re: [v6ops] new draft: draft-taylor-v6ops-fragdrop

David Farmer <farmer@umn.edu> Tue, 16 October 2012 19:24 UTC

Message-ID: <507DB421.8060707@umn.edu>
Date: Tue, 16 Oct 2012 14:23:13 -0500
From: David Farmer <farmer@umn.edu>
Organization: University of Minnesota
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:15.0) Gecko/20120907 Thunderbird/15.0.1
MIME-Version: 1.0
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>
References: <201210161245.q9GCj0i26478@ftpeng-update.cisco.com> <E1829B60731D1740BB7A0626B4FAF0A65E0DEDF3A2@XCH-NW-01V.nw.nos.boeing.com> <507DA6A3.20807@inex.ie> <E1829B60731D1740BB7A0626B4FAF0A65E0DEDF3C3@XCH-NW-01V.nw.nos.boeing.com>
In-Reply-To: <E1829B60731D1740BB7A0626B4FAF0A65E0DEDF3C3@XCH-NW-01V.nw.nos.boeing.com>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "draft-taylor-v6ops-fragdrop@tools.ietf.org" <draft-taylor-v6ops-fragdrop@tools.ietf.org>
Subject: Re: [v6ops] new draft: draft-taylor-v6ops-fragdrop

On 10/16/12 13:42 CDT, Templin, Fred L wrote:
>
> Why not just let non-initial fragments through and then forward
> or don't forward the initial fragment depending on whether it
> contains enough information in tlv headers to permit a filtering
> decision?
>

There are fundamental differences in the security threat models between 
a bank and a prison.

If what you are trying to do is prevent information leakage, things 
getting out, then the non-initial fragments could have valuable 
information that you don't want leaking, even if it is incomplete 
information.

Yes, encryption can deal with this issue, but we're dealing with the same mentality that says you have to decrypt everything crossing the perimeter to inspect everything going out or coming in.

In most situations I believe this is invalid reasoning; however, I cannot say it is invalid in all situations.  I also believe the reasoning is in far more common use than the situations that actually justify it.

-- 
===============================================
David Farmer                 Email: farmer@umn.edu
Office of Information Technology
University of Minnesota
2218 University Ave SE       Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
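The two filtering stances argued in this exchange, as an added example that is not code from the thread or the draft: a small IPv6 parser plus a `decide()` function that implements the quoted proposal (pass non-initial fragments, judge initial fragments on whether the upper-layer header is present) beside the "no leak" perimeter stance (non-initial fragments carry payload bytes no header check can classify, so they are dropped too). Packets are constructed inline; the "8 bytes of L4 header" threshold is an assumption of this example.

```python
import struct

IPV6_FRAGMENT = 44                      # Fragment extension header (RFC 2460)
UPPER_LAYER = {6: "tcp", 17: "udp", 58: "icmpv6"}

def parse_ipv6(pkt: bytes) -> dict:
    """Parse just enough of a packet to classify its fragment status.
    Only the Fragment header is walked; other extension headers are ignored."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    info = {"fragment": False, "offset": 0, "more": False, "next": pkt[6]}
    off = 40
    if info["next"] == IPV6_FRAGMENT:
        nh, _res, off_flags, _ident = struct.unpack("!BBHI", pkt[off:off + 8])
        info.update(fragment=True, offset=(off_flags >> 3) * 8,
                    more=bool(off_flags & 1), next=nh)
        off += 8
    info["payload"] = pkt[off:]
    return info

def decide(pkt: bytes, policy: str) -> str:
    """Return 'forward' or 'drop' for one packet under a named policy.
    'inspect-initial': the quoted proposal. Non-initial fragments pass; an
        initial fragment passes only if it carries the upper-layer header
        (assumed here: at least 8 bytes of TCP/UDP/ICMPv6 header).
    'no-leak': the reply's perimeter stance. A non-initial fragment carries
        payload bytes that no header-based check can classify, so it is
        dropped as well."""
    info = parse_ipv6(pkt)
    if not info["fragment"]:
        return "forward" if info["next"] in UPPER_LAYER else "drop"
    if info["offset"] > 0:              # non-initial: no L4 header at all
        return "forward" if policy == "inspect-initial" else "drop"
    has_l4 = info["next"] in UPPER_LAYER and len(info["payload"]) >= 8
    return "forward" if has_l4 else "drop"

def build(next_hdr: int, payload: bytes, frag=None) -> bytes:
    """Constructed IPv6 packet (src ::1, dst ::2); frag=(offset, more, ident)."""
    body, nh = payload, next_hdr
    if frag is not None:
        offset, more, ident = frag
        body = struct.pack("!BBHI", next_hdr, 0,
                           (offset // 8) << 3 | int(more), ident) + payload
        nh = IPV6_FRAGMENT
    hdr = struct.pack("!IHBB16s16s", 6 << 28, len(body), nh, 64,
                      b"\x00" * 15 + b"\x01", b"\x00" * 15 + b"\x02")
    return hdr + body
```

Run `decide(pkt, "inspect-initial")` and `decide(pkt, "no-leak")` on the same non-initial fragment to see where the two policies diverge.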