Hi,
On Thu, Jul 27, 2017 at 03:38:15PM +0200, Philip Homburg wrote:
> The TTL hack is used in ND.
Because ND uses GUAs (which it should have never done in the first place).
> It strikes me as really bad for security to come
> up with a different mechanism to achieve the same result for no other
>>> Yeah, the so-called "TTL hack".
>
>> Care to explain why it would not be useful?
>
>At the time I wrote down Babel, I decided that given that we have link-local
>addresses that are securely scoped to a single link, the TTL hack is not
>necessary.
The TTL hack is used in ND. It strikes me as
>> Yeah, the so-called "TTL hack".
> Care to explain why it would not be useful?
At the time I wrote down Babel, I decided that given that we have link-local
addresses that are securely scoped to a single link, the TTL hack is not
necessary.
A workaround to the issue you describe would be to c
>Yeah, the so-called "TTL hack".
Care to explain why it would not be useful?
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
In your letter dated Wed, 26 Jul 2017 20:49:10 +0200 you wrote:
>> Historically, a popular brand of router would forward packets with LL source
>.
>
>"Historically"? Has this been fixed?
I wanted to give them the benefit of the doubt. Sometimes they do fix a bug
and I didn't want to spend any tim
> Yeah, the so-called "TTL hack". I considered that for Babel back when it
> was being designed, then decided that it is useful in an IPv6 world.
This was meant to say "not useful", of course.
> A trick used in some places, such as ND, is to require the receiver to check
> that the hop limit is equal to 255. This ensures that the packet has not
> been forwarded by any router (obviously the sender also has to send it with
> a hop limit of 255).
Yeah, the so-called "TTL hack". I consider
Hi,
On Wed, Jul 26, 2017 at 11:47:01AM +0200, Philip Homburg wrote:
> Historically, a popular brand of router would forward packets with LL source.
"Historically"? Has this been fixed?
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG
>Nasty comments on list, please, compliments by private mail ;-)
A trick used in some places, such as ND, is to require the receiver to check
that the hop limit is equal to 255. This ensures that the packet has not
been forwarded by any router (obviously the sender also has to send it with
a hop l
> ...one might recommend starting with "an upper-layer security protocol"
> such as CMS, COSE, JOSE or some other layer-3 encapsulation.
We're planning to use DTLS for both HNCP and Babel.
But the authentication mechanism is not our main concern. This being
Homenet, we need to generate keys au
> On Jul 25, 2017, at 1:27 PM, Juliusz Chroboczek wrote:
>
> Dear all,
>
> All security wizards are kindly requested to carefully read and if
> necessary criticise the following section:
>
> https://tools.ietf.org/html/draft-ietf-homenet-babel-profile-02#section-4
Based on this paragraph...
On 25/07/2017 22:58, Stephen Farrell wrote:
> I suggest asking the chairs to hit the "request directorate" review
> (iirc only they can see that button?) for an early secdir review.
Good idea - I've just done this.
Ray
> 1) The first sentence seems to not say what to do if a packet comes
> from a 1918 IPv4 address. Even if that's not supposed to happen, it
> could be attempted. What's an implementation supposed to do then?
Both HNCP and Babel use IPv6 for carrying control data. There's no way an
IPv4 packet can
Hiya,
I suggest asking the chairs to hit the "request directorate" review
(iirc only they can see that button?) for an early secdir review.
For myself, I've not read the draft yet (I will over the next few
weeks) but have two questions while I'm here:
1) The first sentence seems to not say what
Dear all,
All security wizards are kindly requested to carefully read and if
necessary criticise the following section:
https://tools.ietf.org/html/draft-ietf-homenet-babel-profile-02#section-4
Nasty comments on list, please, compliments by private mail ;-)
Thanks,
-- Juliusz