Re: [v6ops] [Int-area] [OPSEC] I-D Action: draft-gont-opsec-ipv6-eh-filtering-00.txt
Fernando Gont <fgont@si6networks.com> Fri, 18 July 2014 04:34 UTC
Message-ID: <53C8A0DF.9000605@si6networks.com>
Date: Thu, 17 Jul 2014 22:21:51 -0600
From: Fernando Gont <fgont@si6networks.com>
To: Joe Touch <touch@isi.edu>, "C. M. Heard" <heard@pobox.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/q4L46cDdDIkeT7RILhF0NmaTxNg
Cc: OPSEC <opsec@ietf.org>, Internet Area <int-area@ietf.org>, IPv6 Operations <v6ops@ietf.org>

On 07/17/2014 04:38 PM, Joe Touch wrote:
>>>
>>> They need to be characterized as what they are:
>>>
>>> - an attempt to accommodate devices that are NOT IPv6-compliant
>>
>> I'd have a hard time coming up with a vendor/device that can process
>> IPv6 packets with HBH header with the same performance as regular
>> packets. So.. are you suggesting that we start claiming that "we
>> currently do not know of any ipv6-compliant routers", or what? (fwiw, I
>> expect you are not)
>
> If we are, then it's time to adjust RFC2460.

I disagree. Operational policy != protocol specification.

Actually, the IETF can do whatever it wants with the protocol specs, but
not that much with the operational stuff (other than providing *advice*
-- because ops folks can do whatever they want with their networks).

> IMO, we ought to:
>
> - define the features/capabilities we think are necessary
>
> - require that anything that doesn't support what's necessary
>   as non-compliant
>
> Otherwise, you're just un-doing all the work that goes into the
> standards process in the first place. All because you think that
> anything you don't expect is an attack. It isn't. It just means you're
> not prepared.

We seem to be in disagreement. If anything, anything that I don't want
is not an attack, but rather an unnecessary attack surface.

But again, please read the I-D... because it really doesn't follow that
reasoning.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492