Re: [v6ops] Question regarding Ra-Guard evasion (ND and extensio headers)

2011-06-16 Thread Joel Jaeggli
On Jun 16, 2011, at 1:44 PM, Jean-Michel Combes wrote: > Hi Arturo, > > at first, thanks for your reply. > > 2011/6/16 Arturo Servin : >> Jean-Michel, >> >> On 16 Jun 2011, at 14:13, Jean-Michel Combes wrote: >> > > [snip] > >>> >>> o draft-gont-6man-nd-extension-headers >>> >>> IMHO, thi

Re: [v6ops] Question regarding Ra-Guard evasion (ND and extensio headers)

2011-06-16 Thread Jean-Michel Combes
Hi Arturo, at first, thanks for your reply. 2011/6/16 Arturo Servin : > Jean-Michel, > > On 16 Jun 2011, at 14:13, Jean-Michel Combes wrote: > [snip] >> >> o draft-gont-6man-nd-extension-headers >> >> IMHO, this is not a good idea to forbid the use of IPv6 extension with >> NDP messages, especi

Re: [saag] [v6ops] ITU-T SG17 IPv6 security work items liaison

2011-06-16 Thread Joe Touch
On 6/14/2011 5:32 PM, Stephen Farrell wrote: Hi Joe, Fair point about the draft-gont document. I've taken it out for now. Which was the 6man I-D you meant? The one ref'd inside the draft-gont-v6ops doc - it's draft-gont-6man... There aren't issues with the draft-ietf-6man docs. Joe The

Re: [saag] [v6ops] ITU-T SG17 IPv6 security work items liaison

2011-06-16 Thread Joe Touch
Hi, all, It'd be useful to wait until these docs (this v6ops one and the 6man one it refers) are adopted by the relevant WGs before noting them in recommendations to external parties, IMO. Some of the recommendations in these documents are akin to "if I didn't expect it, it's an attack", whi

Re: [v6ops] Question regarding Ra-Guard evasion (ND and extensio headers)

2011-06-16 Thread Nick Hilliard
On 14/06/2011 02:23, Fernando Gont wrote: This is something that vendors should answer. As long as there are implementations that may try DHCPv6 even if no RA is received, DHCPv6 should be implemented/deployed along RA-Guard, or else attackers will switch to the DHCPv6 vector, and RA-Guard will b

Re: [v6ops] [saag] ITU-T SG17 IPv6 security work items liaison

2011-06-16 Thread Nick Hilliard
On 14/06/2011 00:09, Stephen Farrell wrote: * RFC 6105 – "IPv6 Router Advertisement Guard" * RFC 6106 – "IPv6 Router Advertisement Options for DNS Configuration", §7 in particular. maybe mention draft-gont-v6ops-ra-guard-evasion? It's not a strategic focused document, but giv

Re: [saag] ITU-T SG17 IPv6 security work items liaison

2011-06-16 Thread Russ Housley
Stephen: Comments below. Russ > From: IETF Security Area > To: Study Group 17, Questions 2 and 3 > Title: Work on Security of IPv6 > > FOR ACTION > > The IETF thanks Study Group 17 for its liaison LS-206 "Liaison on IPv6 > security issues". As the world transitions to IPv6, new opportunitie

Re: [v6ops] Question regarding Ra-Guard evasion (ND and extensio headers)

2011-06-16 Thread Nick Hilliard
On 10/06/2011 22:51, Fernando Gont wrote: * This results in a RA-Guard implementation that is as simple as possible (it only has to look at the header following the fixed IPv6 header). dhcpv6 suffers from exactly the same problem. Are there plans to introduce dhcpv6-guard? Nick

Re: [v6ops] Question regarding Ra-Guard evasion (ND and extensio headers)

2011-06-16 Thread Arturo Servin
Jean-Michel, On 16 Jun 2011, at 14:13, Jean-Michel Combes wrote: > Hi, > > I've read quickly these two drafts. Here are some comments/questions: > > o draft-gont-v6ops-ra-guard-evasion > > IMHO, this draft should update RFC 6105 (If so, RFC6105 reference > should move from Informative Referenc

Re: [v6ops] Question regarding Ra-Guard evasion (ND and extensio headers)

2011-06-16 Thread Jean-Michel Combes
Hi, Regarding DHCP SAVI, this is not the main goal of this solution but a side effect. Best regards. JMC. 2011/6/14 Mikael Abrahamsson : > On Mon, 13 Jun 2011, Ted Lemon wrote: > >> On Jun 13, 2011, at 3:38 PM, Nick Hilliard wrote: >>> >>> dhcpv6 suffers from exactly the same problem. Are ther

Re: [v6ops] Question regarding Ra-Guard evasion (ND and extensio headers)

2011-06-16 Thread Jean-Michel Combes
Hi, I've read quickly these two drafts. Here are some comments/questions: o draft-gont-v6ops-ra-guard-evasion IMHO, this draft should update RFC 6105 (If so, RFC6105 reference should move from Informative References section to the Normative References one). Just a comment about your example for

Re: AD review of draft-ietf-6man-rpl-routing-header

2011-06-16 Thread Alexandru Petrescu
IPv6 6MAN WG, I take advantage of this AD message to post comments about this draft. On 11/06/2011 00:46, Jari Arkko wrote: [...] In very specific cases, IPv6-in-IPv6 tunneling may be undesirable due to the added cost and complexity required to process and carry a datagram with two IPv6 hea