[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipng
Subject:    Re: AUTH48 changes to draft-ietf-6man-rfc6434-bis-09
From:       Tim Chown <Tim.Chown () jisc ! ac ! uk>
Date:       2019-01-02 12:52:20
Message-ID: 6AD6AED9-9436-4441-B93D-F6954FFD6F64 () jisc ! ac ! uk
[Download RAW message or body]

> On 20 Dec 2018, at 18:16, Bob Hinden <bob.hinden@gmail.com> wrote:
> 
> Carsten,
> 
> > On Dec 20, 2018, at 9:35 AM, Carsten Bormann <cabo@tzi.org> wrote:
> > 
> > On Dec 20, 2018, at 07:20, Suresh Krishnan <suresh.krishnan@gmail.com> wrote:
> > > 
> > > NEW:
> > > 
> > > As per RFC 6980, hosts MUST NOT employ IPv6 fragmentation for sending any of \
> > > the following Neighbor Discovery and SEcure Neighbor Discovery messages: \
> > > Neighbor Solicitation, Neighbor Advertisement, Router Solicitation, Router \
> > > Advertisement, Redirect, or Certification Path Solicitation.
> > 
> > Is it intentional that this places a requirement only on senders, not on \
> > receivers? It's the receivers that are subject to the attacks enabled by \
> > fragmentation, so they are the ones that would need to ignore fragmented ND \
> > messages.
> 
> Good point, RFC6980 describes senders and receivers.   Maybe something like:
> 
> As specified in RFC 6980, nodes MUST NOT employ IPv6 fragmentation for sending any \
> of the following Neighbor Discovery and SEcure Neighbor Discovery messages: \
> Neighbor Solicitation, Neighbor Advertisement, Router Solicitation, Router \
> Advertisement, Redirect, or Certification Path Solicitation.  Nodes MUST silently \
> ignore any of these messages on receipt if fragmented.  See RFC 6980 for details \
> and motivation.

Looks good to me.

Tim
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]