Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

The choices below don’t include declaring this a security risk and turning it off.

If you want to change the standard, do so. But this isn’t a step in that direction. And the previous attempts only show why IPv6 has adoption problems.

The standard can still be changed, but regardless, this simply is not a security issue and shouldn’t be sold as one.

Joe

> On Dec 5, 2018, at 4:48 AM, Nick Hilliard <nick@xxxxxxxxxx> wrote:
> 
> Joe Touch wrote on 05/12/2018 12:13:
>> Then THAT is the security issue. Not the packets that cause a broken implementation to have problems.
> 
> In this specific case:
> 
> 1. the protocol definition states that HBH packets should be processed per intermediate node.
> 
> 2. even small routers can now handle terabits of data plane throughput.
> 
> What do we do?
> 
> 1. declare that these routers should be able to process terabits of HBH packets (or experimental EHs because we don't know whether experimental EHs are required to be processed HBH or by end points only).
> 
> 2. formally drop the requirement for intermediate routers to process HBH headers
> 
> 3. build routers which will take some HBH headers at low packet rates and drop the rest (+ update rfcs to make this formally compliant).
> 
> 4. something else.
> 
> Nick




