Joel, Dino:
Not doing source address checks is not hurting just you as a receiver, but also
whoever gets the response packet. It is hurting the rest of the Internet.
Basically, a way to circumvent all the ingress filtering that exists in the
Internet today.
Note that I was not suggesting a MUST. I understand that the implementation may
be costly, and that is why I was suggesting a SHOULD.
Jari
On 27.10.2011 20:55, Joel M. Halpern wrote:
Given that, as far as I can tell, failing to perform the source checks leaves
the site using the weak ETR at risk, but does not harm anyone else,
and given that this is experimental,
it seems sufficient to leave the text the way it is.
Yours,
Joel
On 10/27/2011 1:04 PM, Dino Farinacci wrote:
On Oct 23, 2011, at 5:13 AM, Jari Arkko wrote:
...
Second, I wish you would have specified the source address checks better. Are
there situations where you would NOT want to make a pretty strict test, i.e.,
that source EID maps to source RLOC?
Because this is work still in progress.
I understand that, but accepting tunnel packets without this validation just
seems pretty open to attacks. And this is not just about LISP. In general,
every IETF technique that comes out may have vulnerabilities that cause trouble
not just for that technology but also for other things in the Internet. I'm
worried that this could be an attack vector to attack other things in the
Internet in the future. Can we agree on a middle ground, e.g., make the MAY a
SHOULD? I'd be much happier with that…
I hear you loud and clear. But no one may implement this because it is hard and
expensive. We need to solve it another way and we are not ready to document it
yet.
Dino
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
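
The "source EID maps to source RLOC" test debated in this thread, as an added example that is not from the thread, the LISP drafts or any LISP implementation. It assumes the ETR already holds a table of EID-prefix to RLOC mappings; the table contents (documentation address ranges) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample mappings: EID-prefix -> RLOCs registered as its locators.
# Assumption: a real ETR would obtain these from the mapping system.
EID_TO_RLOCS = {
    "192.0.2.0/24": {"198.51.100.1", "198.51.100.2"},
    "192.0.2.128/25": {"203.0.113.7"},
    "2001:db8:a::/48": {"203.0.113.7"},
}

def build_table(mappings):
    """Parse prefixes once and order them most-specific first."""
    table = [(ipaddress.ip_network(p), {ipaddress.ip_address(r) for r in rlocs})
             for p, rlocs in mappings.items()]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table

def lookup_rlocs(table, eid):
    """Return the RLOC set of the longest matching EID-prefix, or None."""
    eid = ipaddress.ip_address(eid)
    for prefix, rlocs in table:
        if eid.version == prefix.version and eid in prefix:
            return rlocs
    return None

def check_decap(table, outer_src_rloc, inner_src_eid):
    """Decide whether to accept an encapsulated packet at the ETR.

    Accept only when the inner source EID has a mapping and the outer
    source RLOC is one of the locators in that mapping. Otherwise the
    inner source could be spoofed from a site that does not own it, and
    any reply would be sent to the address that was impersonated.
    """
    rlocs = lookup_rlocs(table, inner_src_eid)
    if rlocs is None:
        return (False, "no mapping for source EID")
    if ipaddress.ip_address(outer_src_rloc) not in rlocs:
        return (False, "source RLOC not in mapping for source EID")
    return (True, "source EID maps to source RLOC")

TABLE = build_table(EID_TO_RLOCS)
```

The longest-prefix match matters here: a packet from 198.51.100.1 claiming source EID 192.0.2.200 is rejected because the more specific /25 mapping names a different locator.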