Re: [6MAN] UDP+Fragmentation

2013-09-26 Thread Fernando Gont
On 09/26/2013 02:02 PM, Warren Kumari wrote: >>> There has also been discussion that for things like routers you >>> can just do X to protect the device control plane / only care >>> about traffic directed to the device itself. >> >> Agreed. But, isn't that orthogonal to the discussion regarding >

Re: [6MAN] UDP+Fragmentation (was: "Deprecate")

2013-09-26 Thread Warren Kumari
On Sep 25, 2013, at 3:38 PM, Fernando Gont wrote: > On 09/25/2013 02:32 PM, Warren Kumari wrote: >>> >>> Unless you have a very sloppy IPv6 implementation (that does not >>> enforce limits on the maximum number of queued fragments), an >>> attacker will only be able to DoS communication instanc

Re: [6MAN] UDP+Fragmentation (was: "Deprecate")

2013-09-25 Thread Fernando Gont
On 09/25/2013 02:32 PM, Warren Kumari wrote: >> >> Unless you have a very sloppy IPv6 implementation (that does not >> enforce limits on the maximum number of queued fragments), an >> attacker will only be able to DoS communication instances (e.g. TCP >> connections) that employ fragmentation. Suc

Re: [6MAN] UDP+Fragmentation (was: "Deprecate")

2013-09-25 Thread Warren Kumari
On Sep 23, 2013, at 1:15 PM, Fernando Gont wrote: > On 09/23/2013 12:57 AM, C. M. Heard wrote: >> >> There are two issues that Warren's comments brought to the fore: >> >> 1.) One of the reasons why operators block fragments is that if >> fragments are allowed into one's network, it is rel

RE: [6MAN] UDP+Fragmentation (was: "Deprecate")

2013-08-28 Thread Templin, Fred L
Hi Mike, > -Original Message- > From: ipv6-boun...@ietf.org [mailto:ipv6-boun...@ietf.org] On Behalf Of > C. M. Heard > Sent: Tuesday, August 27, 2013 7:08 PM > To: IPv6 > Subject: Re: [6MAN] UDP+Fragmentation (was: "Deprecate") > > On Tue, 27 Aug 2013,

Re: [6MAN] UDP+Fragmentation (was: "Deprecate")

2013-08-27 Thread C. M. Heard
On Tue, 27 Aug 2013, Warren Kumari wrote: > Apologies if I missed it and this was already discussed -- for > some reason my MUA is refusing to thread this conversation > correctly and so I'm reading things all out of order? Ah, an operations person joining the discussion! Thank you! > I have so

Re: [6MAN] UDP+Fragmentation (was: "Deprecate")

2013-08-27 Thread Mark Andrews
Warren can you please fix your MUA to generate legal To: lines. "To: C. M. Heard " is not a legal To: line. repl: bad addresses: C. M. Heard -- no at-sign after local-part (<) In message <58a2cce5-4eab-4d80-8a97-5f0e2...@kumari.net>, Warren Kumari writes: > > On Aug 27, 2013,

Re: [6MAN] UDP+Fragmentation (was: "Deprecate")

2013-08-27 Thread Warren Kumari
On Aug 27, 2013, at 12:37 AM, C. M. Heard wrote: > Greetings, > > Upon reflection, I have come to the conclusion that the proposal in > draft-andrews-6man-fragopt (or a variant thereof) is a much better > solution to the problems with IPv6 fragmentation than the UDP > segmentation scheme I p