[prev in list] [next in list] [prev in thread] [next in thread]
List: ipng
Subject: Re: moving towards draft-ietf-ipv6-deprecate-rh0-01
From: Bob Hinden <bob.hinden () NOKIA ! COM>
Date: 2007-05-25 20:52:12
Message-ID: 4AE5BDCC-D801-4B1F-BDB8-7CC122A043DC () nokia ! com
[Download RAW message or body]
Jinmei,
[with no hats on]
> So, for example, the abstract of the 00 text seems to overstate the
> issue:
>
> The functionality provided by IPv6's Type 0 Routing Header can be
> exploited in order to perform remote network discovery, to bypass
> firewalls and to achieve packet amplification for the purposes of
> generating denial-of-service traffic. [...]
>
> I'd rephrase this so that we can concentrate on the exact problem:
>
> The functionality provided by IPv6's Type 0 Routing Header can be
> exploited in order to achieve packet amplification for the purposes
> of generating denial-of-service traffic. This document updates the
> IPv6 specification to deprecate the use of IPv6 Type 0 Routing
> Headers, in the light of the severity of this security concern.
I agree that we should be clear about the problem and think your
proposed text does that well.
>> 2. More precise description of what deprecate means in the context of
>> this document.
>
> Yes, this would be good. I assume this also intends to clarify more
> details about the processing behavior described in Section 3.2, e.g.
>
> - what the receiving node should do if it receives a packet containing
> RH0 with the segment left field being 0
> - whether or not ICMPv6 error is returned when a node receives a
> packet containing RH0
I also agree that spelling this out in more detail as you suggest is
a good idea.
Bob
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic