Hello;

On Feb 26, 2009, at 3:16 PM, Suresh Krishnan wrote:

Hi Marshall,
I had a quick glance over the draft and I am not convinced that it
will handle a certain class of errors.
Consider that the UDP header of the encapsulating IPv6 packet gets
corrupted and the destination port gets changed to say 2280 from the
AMT port (2268). This error will never be detected by the receiver
and the receiver will not be able to decapsulate the multicast
packet and send it on its way. If the UDP checksum was properly
calculated, this error would have been detected.

But, if the checksum was there, wouldn't the packet be dropped? So
isn't the result a dropped packet anyway?
We thought about security issues here (suppose a man in the middle
attack changes the port to, say, 80), but
we couldn't figure out a security issue that the attacker couldn't
just do anyway (they don't need AMT to throw
random packets to port 80, and could recalculate the checksum if it
were used anyway).

Regards
Marshall

Cheers
Suresh
On 25/02/09 02:35 PM, Marshall Eubanks wrote:
I haven't seen any discussion of this on this list - there has been
some on MBONED.
So far, we have as users for this flexibility
AMT (the original need)
LISP and
(According to Dave Thaler) maybe UDP-ESP (RFC 3948) across a NAT64.
If people here have comments on these uses, or know of other uses,
please comment
on this list. Of course, any and all other comments, suggestions,
or brickbats will be welcomed.
Regards
Marshall
P.S. Please note that this draft was largely written by Philip
Chimento. I don't know how the XML process
led to me being the only author - this will be fixed in the next
round.
Begin forwarded message:
From: Brian Haberman <br...@innovationslab.net>
Date: February 24, 2009 8:21:19 AM EST
To: mbo...@ietf.org
Subject: [MBONED] [Fwd: I-D Action:draft-eubanks-chimento-6man-00.txt]
All,
Here is the draft that proposes to loosen the UDP checksum rule
for IPv6. I would appreciate it if discussions of this draft occur
on the 6MAN mailing list (ipv6@ietf.org).
Regards,
Brian
-------- Original Message --------
Subject: I-D Action:draft-eubanks-chimento-6man-00.txt
Date: Mon, 23 Feb 2009 10:45:01 -0800 (PST)
From: internet-dra...@ietf.org
Reply-To: internet-dra...@ietf.org
To: i-d-annou...@ietf.org
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
Title : UDP Checksums for Tunneled Packets
Author(s) : M. Eubanks
Filename : draft-eubanks-chimento-6man-00.txt
Pages : 7
Date : 2009-02-23
We address the problem of computing the UDP checksum on tunneling
IPv6 packets when using lightweight tunneling protocols.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-eubanks-chimento-6man-00.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
_______________________________________________
MBONED mailing list
mbo...@ietf.org
https://www.ietf.org/mailman/listinfo/mboned
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
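Added example, not part of the original thread or of the draft: a model of the receiver-side UDP checksum check over the IPv6 pseudo-header, run against the cases the thread discusses (destination port corrupted from 2268 to 2280 with and without a checksum, and a port rewritten to 80 with the checksum recalculated). The addresses, source port and payload are constructed, and `allow_zero_checksum` is a hypothetical flag standing in for the relaxed rule the draft proposes.

```python
import ipaddress
import struct

AMT_PORT, CORRUPTED_PORT = 2268, 2280             # port values quoted in the thread
SRC, DST = "2001:db8::1", "2001:db8::2"           # constructed documentation addresses
PAYLOAD = b"constructed tunneled multicast data"  # constructed sample payload

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv6 pseudo-header: addresses, 32-bit length, 3 zero bytes, next header 17 (UDP)."""
    return (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", udp_len, 17))

def build_udp(src, dst, sport, dport, payload, with_checksum=True) -> bytes:
    """Build a UDP datagram; with_checksum=False leaves the checksum field zero."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    if not with_checksum:
        return header + payload
    csum = 0xFFFF ^ ones_complement_sum(pseudo_header(src, dst, length) + header + payload)
    csum = csum or 0xFFFF  # a computed zero is sent as 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def corrupt_dport(datagram: bytes, new_port: int) -> bytes:
    """Model in-transit corruption of the destination port, all other bytes unchanged."""
    return datagram[:2] + struct.pack("!H", new_port) + datagram[4:]

def receiver_accepts(src, dst, datagram, allow_zero_checksum=False) -> bool:
    """Checksum check only. allow_zero_checksum models the relaxed rule (assumption)."""
    if struct.unpack("!H", datagram[6:8])[0] == 0:
        return allow_zero_checksum  # RFC 2460 receivers discard zero-checksum UDP
    return ones_complement_sum(pseudo_header(src, dst, len(datagram)) + datagram) == 0xFFFF

if __name__ == "__main__":
    good = build_udp(SRC, DST, 40000, AMT_PORT, PAYLOAD)
    zero = build_udp(SRC, DST, 40000, AMT_PORT, PAYLOAD, with_checksum=False)
    print("checksummed, intact:   ", receiver_accepts(SRC, DST, good))
    print("checksummed, corrupted:", receiver_accepts(SRC, DST, corrupt_dport(good, CORRUPTED_PORT)))
    print("zero, corrupted:       ", receiver_accepts(SRC, DST, corrupt_dport(zero, CORRUPTED_PORT), True))
    print("rewritten + recomputed:", receiver_accepts(SRC, DST, build_udp(SRC, DST, 40000, 80, PAYLOAD)))
```

The last case passes verification because the checksum is an error-detection code with no key, so it says nothing about who produced the datagram.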