Re: [v6ops] Please review the No IPv4 draft

Owen DeLong <owen@delong.com> Mon, 14 April 2014 19:39 UTC

Return-Path: <owen@delong.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 810971A0706 for <v6ops@ietfa.amsl.com>; Mon, 14 Apr 2014 12:39:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.262
X-Spam-Level:
X-Spam-Status: No, score=-1.262 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ua0pMcfk0h2K for <v6ops@ietfa.amsl.com>; Mon, 14 Apr 2014 12:39:16 -0700 (PDT)
Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id 359DB1A0705 for <v6ops@ietf.org>; Mon, 14 Apr 2014 12:39:16 -0700 (PDT)
Received: from owens-mbp.meeting.arin.net (unknown.servercentral.net [50.31.214.180] (may be forged)) (authenticated bits=0) by owen.delong.com (8.14.2/8.14.2) with ESMTP id s3EJWpTn031991 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 14 Apr 2014 12:33:08 -0700
X-DKIM: Sendmail DKIM Filter v2.8.3 owen.delong.com s3EJWpTn031991
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=delong.com; s=mail; t=1397503991; bh=Brk0CkyZBeWqBpHh4By+W5ncIc4=; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc: Message-Id:References:To; b=aaV1XoYabwziSr3u41V0BXW5ChFM7jW5Qsdwfwcna2gAhC6AacRxjbH4B/Mzq7qYn ni+pnpRAh7svz4TK+by1X2JUP9MwqySIf7wQtsQWrN5wX3KXa+QPRM/rFqxfQQpOM9 MZEt04fPL44GSRXVoJ/sDoeSPcwBdmZMYxPfPV7E=
Content-Type: multipart/alternative; boundary="Apple-Mail=_D8F15737-430C-4B6C-AB60-EDE9775DC2F9"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAEmG1=qjev-Fkt4tpMSwy4xz-4L5CKow6xBCyiRY7sr7BBoQeA@mail.gmail.com>
Date: Mon, 14 Apr 2014 12:32:49 -0700
Message-Id: <BEE692B7-4A6E-44CC-9B2F-C6649C7BE622@delong.com>
References: <534BF5A5.5010609@viagenie.ca> <534BFA08.3030404@foobar.org> <49EA8AC9-D5C5-4FE5-9A10-0CD574782F0F@nominum.com> <534C07FC.8000907@foobar.org> <F08AF14D-22C6-4F4C-9388-670EB4CD8453@nominum.com> <F2A0EC2F-6B41-4560-88BA-CEBF3E921B61@delong.com> <CAEmG1=oK8iHAms2_uVBsCtpCG7xBdhRfh9QQrd+JXUXgjBPqPA@mail.gmail.com> <534C1A41.1050505@foobar.org> <CAEmG1=qjev-Fkt4tpMSwy4xz-4L5CKow6xBCyiRY7sr7BBoQeA@mail.gmail.com>
To: Matthew Petach <mpetach@netflight.com>
X-Mailer: Apple Mail (2.1874)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0rc1 (owen.delong.com [192.159.10.2]); Mon, 14 Apr 2014 12:33:11 -0700 (PDT)
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/sBOdcixc3ojvB1vZr39EPqP8GNw
Cc: v6ops@ietf.org
Subject: Re: [v6ops] Please review the No IPv4 draft
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 19:39:20 -0000

On Apr 14, 2014, at 10:45 AM, Matthew Petach <mpetach@netflight.com> wrote:

> 
> On Mon, Apr 14, 2014 at 10:26 AM, Nick Hilliard <nick@foobar.org> wrote:
> On 14/04/2014 18:23, Matthew Petach wrote:
> > (which is to say, the potential for abuse here seems
> > kinda high; are we sure this a good road for us to be
> > traveling down?)
> 
> This is no different to any other type of rogue dhcpv4 situation.
> 
> Nick
> 
> 
> Correct me if I'm wrong, though; being an ICMP
> response, rather than a DHCP response would
> mean DHCP snooping wouldn't be sufficient to stop
> me from engaging in mischief, where today settings
> like DHCP snooping and DHCP guard could prevent
> me from acting as a rogue DHCP server?
> 
> I suppose if we extend the concept of DHCP snooping
> to also include ICMP snooping, that would work.
> 
> Thanks!
> 
> Matt
> 

ICMP was just a suggestion. If you want to put it in DHCP/UDP to dodge abuse potential, I have no problem with that. The point is that this has no business being encoded in DHCPv6 or RA, it belongs in IPv4 somewhere.

Owen
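The exchange above turns on one filtering detail: DHCP snooping only inspects DHCP, so an indication carried in ICMP from an access port is not stopped unless the switch policy is extended to cover it, while an indication carried inside DHCP is caught by snooping that already exists. The following simulation, an added example that is not part of the thread or of the draft, models an access switch's per-port trust policy over constructed sample frames and shows which of them each policy drops. Port names, message labels and the ICMP message label standing in for the indication are placeholders, not values from the draft.

```python
"""Toy access-switch port-trust filter (added example, not the draft's code).

Models the point raised in the thread: DHCP snooping drops server-side DHCP
messages arriving on untrusted ports, but a "no IPv4" indication carried in
ICMP passes unless the policy is extended to ICMP as well. When the same
indication rides inside a DHCP server message, existing snooping covers it.
"""
from dataclasses import dataclass

# Server-to-client DHCPv4 messages that snooping blocks from untrusted ports.
DHCP_SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}
# Placeholder label for the indication; the draft's real encoding is not assumed.
ICMP_NOIPV4_PLACEHOLDER = "NOIPV4-INDICATION"


@dataclass(frozen=True)
class Frame:
    in_port: str   # switch port the frame arrived on (constructed names)
    proto: str     # "dhcp" or "icmp" in this toy model
    msg: str       # DHCP message name or ICMP message label
    src: str       # claimed source address, informational only


@dataclass
class PortPolicy:
    trusted_ports: frozenset
    snoop_dhcp: bool = True            # classic DHCP snooping
    snoop_icmp_noipv4: bool = False    # the "ICMP snooping" extension suggested above

    def verdict(self, frame: Frame) -> str:
        if frame.in_port in self.trusted_ports:
            return "forward"
        if self.snoop_dhcp and frame.proto == "dhcp" and frame.msg in DHCP_SERVER_MESSAGES:
            return "drop:rogue-dhcp-server"
        if (self.snoop_icmp_noipv4 and frame.proto == "icmp"
                and frame.msg == ICMP_NOIPV4_PLACEHOLDER):
            return "drop:rogue-noipv4-indication"
        return "forward"


# Constructed sample traffic: Gi0/1 is the uplink, Gi0/7 an ordinary access port.
SAMPLE = [
    Frame("Gi0/1", "dhcp", "OFFER", "10.0.0.1"),                     # legitimate server
    Frame("Gi0/7", "dhcp", "OFFER", "10.0.0.99"),                    # rogue server reply
    Frame("Gi0/7", "dhcp", "DISCOVER", "0.0.0.0"),                   # normal client request
    Frame("Gi0/7", "dhcp", "ACK", "10.0.0.99"),                      # indication carried in DHCP
    Frame("Gi0/7", "icmp", ICMP_NOIPV4_PLACEHOLDER, "10.0.0.99"),    # indication carried in ICMP
    Frame("Gi0/1", "icmp", ICMP_NOIPV4_PLACEHOLDER, "10.0.0.1"),     # same, from trusted port
]


def dropped_with(policy: PortPolicy, frames=SAMPLE):
    """Return 'MSG@PORT' labels of the frames the policy drops, in arrival order."""
    return [f"{f.msg}@{f.in_port}" for f in frames if policy.verdict(f).startswith("drop")]


def compare():
    """Drops under plain DHCP snooping versus snooping extended to the ICMP indication."""
    trusted = frozenset({"Gi0/1"})
    plain = PortPolicy(trusted)
    extended = PortPolicy(trusted, snoop_icmp_noipv4=True)
    return dropped_with(plain), dropped_with(extended)


if __name__ == "__main__":
    plain_drops, extended_drops = compare()
    print("DHCP snooping only drops:", plain_drops)
    print("extended to ICMP drops:  ", extended_drops)
```

Under the plain policy the ICMP-carried indication from the access port is forwarded, while the DHCP-carried one (the ACK) is already dropped; only the extended policy drops both, which is the trade-off the two replies above are weighing.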