
List:       ipng
Subject:    when Inserting Extension Headers
From:       Michael Richardson <mcr+ietf () sandelman ! ca>
Date:       2016-04-29 17:08:29
Message-ID: 11019.1461949709 () obiwan ! sandelman ! ca


If we decide that it's okay to insert extension headers, then I suggest that
only extension headers that have an Option Type top-two-bits that are
"01" should be insertable.
The third bit, mutable, MUST be set, I think.

(You may be able to convince me that it should be "11" rather than "01")

My logic is that current devices that observe 2460 will drop packets with
this Option Type, which is a really good defense against that header that was
inserted, failing to be removed.

Second, newer devices that observe 2460bis could, instead of dropping that
extension, remove/omit that extension header completely.  This
would probably permit AH to continue to work even if the header wasn't
removed.

(I'd love to also change the behaviour of AH so that one would ignore AH
headers if one hasn't got a matching SPI#. That's what kept us from using AH
to secure ND back in the SEND days)

The LLN uses of insertable extension headers benefit greatly by inserting
what they need, and not worrying about removing things before they get to the
host.

=====

And, it seems that "10", which creates ICMP Parameter Problem messages
for multicast destinations, allows for amplification attacks, and we should
deprecate that behaviour, period.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
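
The Option Type bits discussed in the message above, as an added example that is not part of the original message or of any IETF document: a parser for one Hop-by-Hop/Destination Options header that reports the RFC 2460 section 4.2 action bits and the mutable bit for each option, plus a check for the proposed "01 and mutable" rule. The function names and the sample bytes (including option type 0x7E) are constructed for illustration.

```python
# Added example: classify the options in an IPv6 Hop-by-Hop / Destination
# Options header by the Option Type bits of RFC 2460 section 4.2.
ACTIONS = {  # what a node does with an option it does not recognize
    0b00: "skip option",
    0b01: "discard silently",
    0b10: "discard, ICMP Parameter Problem even for multicast",
    0b11: "discard, ICMP Parameter Problem unless multicast",
}

def parse_options(ext_header: bytes):
    """Return [(opt_type, act_bits, mutable, data)] for one options header."""
    if len(ext_header) < 2:
        raise ValueError("truncated extension header")
    total = (ext_header[1] + 1) * 8      # Hdr Ext Len counts 8-octet units
    if len(ext_header) < total:
        raise ValueError("header shorter than Hdr Ext Len claims")
    opts, i = [], 2                      # options start after the 2 fixed octets
    while i < total:
        opt_type = ext_header[i]
        if opt_type == 0:                # Pad1 is a single octet with no length
            i += 1
            continue
        if i + 2 > total:
            raise ValueError("option length octet missing")
        opt_len = ext_header[i + 1]
        if i + 2 + opt_len > total:
            raise ValueError("option data overruns header")
        data = ext_header[i + 2 : i + 2 + opt_len]
        opts.append((opt_type, opt_type >> 6, bool(opt_type & 0x20), data))
        i += 2 + opt_len
    return opts

def insertable(opt_type: int) -> bool:
    """The rule proposed in the message: top two bits "01", mutable bit set."""
    return opt_type >> 6 == 0b01 and bool(opt_type & 0x20)

def unknown_option_action(opt_type: int) -> str:
    """Action taken by a node that does not recognize opt_type."""
    return ACTIONS[opt_type >> 6]

# Constructed sample: Next Header 59, Hdr Ext Len 0 (8 octets total), one
# option of illustrative type 0x7E (bits 01 1 11110) with 2 data octets,
# followed by PadN with zero data octets.
SAMPLE = bytes([59, 0, 0x7E, 2, 0xAA, 0xBB, 1, 0])
```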

