On 09/26/2013 02:02 PM, Warren Kumari wrote:
>>> There has also been discussion that for things like routers you
>>> can just do X to protect the device control plane / only care
>>> about traffic directed to the device itself.
>>
>> Agreed. But, isn't that orthogonal to the discussion regarding
>
On Sep 25, 2013, at 3:38 PM, Fernando Gont wrote:
> On 09/25/2013 02:32 PM, Warren Kumari wrote:
>>>
>>> Unless you have a very sloppy IPv6 implementation (that does not
>>> enforce limits on the maximum number of queued fragments), an
>>> attacker will only be able to DoS communication instanc
On 09/25/2013 02:32 PM, Warren Kumari wrote:
>>
>> Unless you have a very sloppy IPv6 implementation (that does not
>> enforce limits on the maximum number of queued fragments), an
>> attacker will only be able to DoS communication instances (e.g. TCP
>> connections) that employ fragmentation. Suc
On Sep 23, 2013, at 1:15 PM, Fernando Gont wrote:
> On 09/23/2013 12:57 AM, C. M. Heard wrote:
>>
>> There are two issues that Warren's comments brought to the fore:
>>
>> 1.) One of the reasons why operators block fragments is that if
>>fragments are allowed into one's network, it is rel
Hi Mike,
> -Original Message-
> From: ipv6-boun...@ietf.org [mailto:ipv6-boun...@ietf.org] On Behalf Of
> C. M. Heard
> Sent: Tuesday, August 27, 2013 7:08 PM
> To: IPv6
> Subject: Re: [6MAN] UDP+Fragmentation (was: "Deprecate")
>
> On Tue, 27 Aug 2013,
On Tue, 27 Aug 2013, Warren Kumari wrote:
> Apologies if I missed it and this was already discussed -- for
> some reason my MUA is refusing to thread this conversation
> correctly and so I'm reading thing all out of order?
Ah, an operations person joining the discussion! Thank you!
> I have so
Warren can you please fix your MUA to generate legal To: lines.
"To: C. M. Heard " is not legal a legal To: line.
repl: bad addresses:
C. M. Heard -- no at-sign after local-part (<)
In message <58a2cce5-4eab-4d80-8a97-5f0e2...@kumari.net>, Warren Kumari wri
tes:
>
> On Aug 27, 2013,
On Aug 27, 2013, at 12:37 AM, C. M. Heard wrote:
> Greetings,
>
> Upon reflection, I have come to the conclusion that the proposal in
> draft-andrews-6man-fragopt (or a variant thereof) is a much better
> solution to the problems with IPv6 fragmentation than the UDP
> segmentation scheme I p