On Thu, 25 Feb 2021, 03:27 Fernando Gont, <fgont@xxxxxxxxxxxxxxx> wrote:
On 23/2/21 13:54, Mark Smith wrote:
> On Wed, 24 Feb 2021 at 02:51, Fernando Gont <fgont@xxxxxxxxxxxxxxx> wrote:
>>
>> Hi, Tom,
>>
>> On 23/2/21 11:34, Tom Herbert wrote:
>> [...]
>>> From the draft:
>>>
>>> "Unless appropriate mitigations are put in place (e.g., packet
>>> dropping and/or rate-limiting), an attacker could simply send a large
>>> amount of IPv6 traffic employing IPv6 Extension Headers with the
>>> purpose of performing a Denial of Service (DoS) attack"
>>>
>>> That is clearly recommending a mitigation which is to drop packets or
>>> rate-limit.
>>
>> No, we're just stating the obvious. If we were performing a
>> recommendation, the text would be something like "IPv6 implementations
>> should". And we'd also be using RFC2119 speak... and the document would
>> be BCP.
>>
>
> It reads like an implied recommendation to me.
>
> It's stating possible prevention measures, and then the consequences
> of not doing them. That implies the stated prevention measures are
> recommended. (e.g. "If you aren't careful with a knife, you could cut
> yourself (so be careful with a knife)").
I think you're reading more from the draft than what we have written or
meant.
As a native English speaker, I'm just saying how this text reads to me.
Reading that text, I'd start thinking about how I put in place packet dropping or rate-limiting to stop this DoS. Those may not be the only ways to mitigate this issue, however since it has been suggested, I would assume it is the best way, and I think most people would, because people place more weight on stated options over unstated options.
The long term result will be that it will be common for packets with EHs to be dropped or there is rate-limiting on them.
If you still want to mention packet dropping or rate-limiting, then you're going to have to further clarify when it is or isn't appropriate, and also should mention other mitigations if they exist,
e.g.
"An attacker could simply send a large amount of IPv6 traffic employing IPv6 Extension Headers with the purpose of performing a Denial of Service (DoS) attack. In a controlled and trusted network, a DoS attack may not be likely or a concern, since the attacker is more easily identified and halted. In an untrusted network, where a DoS attack is more likely, mitigations such as packet dropping and/or rate-limiting, or other mitigations, may be necessary."
That's well and truly further down the advice path, however, realise that all I've done is expanded on what was already the advice in the text.
Your example is a good one, and has indeed two parts:
"If you aren't careful with a knife, you could cut yourself"
This is a *fact* and I don't think there's much room for debate around it.
"(so be careful with a knife)"
*This* is advice.
The preventative advice appeared twice, firstly at the front, just to follow the format of the text we're looking at - it's the "be careful" part. I put the 2nd instance of the advice in to emphasise it was the advice part, and in brackets because it's optional text and I normally wouldn't say or write it.
"You can cut yourself with a knife, therefore you should be careful." is where the advice is at the end.
If you are careful, you can still cut yourself with a knife. So the fact is a knife can cut, the advice is be careful, whether or not it appears before or after the fact about knives.
Regards,
Mark.
Our document contains the former (a fact), but not the latter (advice).
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call