Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Christopher Morrow <morrowc.lists@xxxxxxxxx>
Subject: Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
From: Joe Touch <touch@xxxxxxxxxxxxxx>
Date: Tue, 4 Dec 2018 20:32:11 -0800
Cc: ietf <ietf@xxxxxxxx>, draft-ietf-opsec-ipv6-eh-filtering.all@xxxxxxxx, opsec wg mailing list <opsec@xxxxxxxx>, tsv-art@xxxxxxxx
In-reply-to: <CAL9jLaYfysKm7qrG=+jq7zV=5ODnSX-tAhBAiTU7SzYF-YmcGw@mail.gmail.com>
References: <977CA53D-7F72-4443-9DE2-F75F7A7C1569@strayalpha.com> <d6deb7af-99dd-9013-2722-8ebbe00c0b37@si6networks.com> <1CB13135-D87A-4100-8668-D761058E1388@strayalpha.com> <0f56c25d-7ac7-e534-4e2c-cc09f5154e77@foobar.org> <28EDE667-457E-4AED-8480-F27ECAA8E985@strayalpha.com> <6bd1ec94-f420-1f4c-9254-941814704dbb@gmail.com> <6be84ccf-9a72-2694-e19d-fa19043a0cb1@huitema.net> <4C249487-BD58-41BB-B8B6-081323E29F6C@strayalpha.com> <20181126075746.GO72840@Space.Net> <6C50775C-EB67-4236-93B8-DF0259E04167@strayalpha.com> <20181126175336.GW72840@Space.Net> <c959d8cb6f6a04a8da8318cfa89da341@strayalpha.com> <2425355d-e7cc-69dd-5b5d-78966056fea7@foobar.org> <C4D47788-0F3D-4512-A4E3-11F3E6EC230B@strayalpha.com> <8d3d3b05-ecc3-ad54-cb86-ffe6dc4b4f16@gmail.com> <C929A8B9-D65C-4EF7-9707-2238AE389BE3@strayalpha.com> <CAL9jLaY4h75KK4Bh-kZC6-5fJupaNdUfm1gK2Dg99jBntMCEyQ@mail.gmail.com> <C47149DC-CAF2-449F-8E18-A0572BBF4746@strayalpha.com> <CAL9jLaYfysKm7qrG=+jq7zV=5ODnSX-tAhBAiTU7SzYF-YmcGw@mail.gma il.com>

On Dec 4, 2018, at 8:11 PM, Christopher Morrow <morrowc.lists@xxxxxxxxx> wrote:

That works only for HBH options of type 00. Others require particular actions when not supported.

can you expand on this some?

Nobody deprecated the flags that require HBH options to be processed or dropped if not supported.

And if there is a security risk to the control plane, it is using that place for slow path processing without properly limiting its use of shared resources.

This idea that packets processed as intended are a security risk is like saying big packets are a security risk to small packets. It may be a bad design but it doesn’t mean such packets are inherently a security risk.

Joe

Follow-Ups:
- Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Christopher Morrow
- Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Brian E Carpenter

References:
- Re: Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Joe Touch
- Re: Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Fernando Gont
- Re: Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Joe Touch
- Re: Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Nick Hilliard
- Re: [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Joe Touch
- Re: [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Brian E Carpenter
- Re: [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Christian Huitema
- Re: [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Gert Doering
- Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Nick Hilliard
- Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Joe Touch
- Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Stewart Bryant
- Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Christopher Morrow
- Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Joe Touch
- Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
  - From: Christopher Morrow

Prev by Date: Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
Next by Date: Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
Previous by thread: Re: [OPSEC] [Tsv-art] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
Next by thread: Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
Index(es):
- Date
- Thread

[Index of Archives] [IETF Annoucements] [IETF] [IP Storage] [Yosemite News] [Linux SCTP] [Linux Newbies] [Mhonarc] [Fedora Users]