[prev in list] [next in list] [prev in thread] [next in thread]
List: ipng
Subject: Re: AUTH48 changes to draft-ietf-6man-rfc6434-bis-09
From: Tim Chown <Tim.Chown () jisc ! ac ! uk>
Date: 2019-01-02 12:52:20
Message-ID: 6AD6AED9-9436-4441-B93D-F6954FFD6F64 () jisc ! ac ! uk
[Download RAW message or body]
> On 20 Dec 2018, at 18:16, Bob Hinden <bob.hinden@gmail.com> wrote:
>
> Carsten,
>
> > On Dec 20, 2018, at 9:35 AM, Carsten Bormann <cabo@tzi.org> wrote:
> >
> > On Dec 20, 2018, at 07:20, Suresh Krishnan <suresh.krishnan@gmail.com> wrote:
> > >
> > > NEW:
> > >
> > > As per RFC 6980, hosts MUST NOT employ IPv6 fragmentation for sending any of \
> > > the following Neighbor Discovery and SEcure Neighbor Discovery messages: \
> > > Neighbor Solicitation, Neighbor Advertisement, Router Solicitation, Router \
> > > Advertisement, Redirect, or Certification Path Solicitation.
> >
> > Is it intentional that this places a requirement only on senders, not on \
> > receivers? It's the receivers that are subject to the attacks enabled by \
> > fragmentation, so they are the ones that would need to ignore fragmented ND \
> > messages.
>
> Good point, RFC6980 describes senders and receivers. Maybe something like:
>
> As specified in RFC 6980, nodes MUST NOT employ IPv6 fragmentation for sending any \
> of the following Neighbor Discovery and SEcure Neighbor Discovery messages: \
> Neighbor Solicitation, Neighbor Advertisement, Router Solicitation, Router \
> Advertisement, Redirect, or Certification Path Solicitation. Nodes MUST silently \
> ignore any of these messages on receipt if fragmented. See RFC 6980 for details \
> and motivation.
Looks good to me.
Tim
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic