Subject: Re: Re: [Fwd: I-D Action: draft-carpenter-6man-ext-transmit-01.txt]
+1.
If anyone wants to be able to guarantee blocking any ability to
construct a covert channel over a communication path, then they should
probably employ a messaging protocol that is fully defined from the
ground
+1.
If anyone wants to be able to guarantee blocking any ability to
construct a covert channel over a communication path, then they should
probably employ a messaging protocol that is fully defined from the
ground up using a formal grammar. Then they could check all (application
level) messages
On 20/11/2012 07:53, Marc Lampo wrote:
Hello Joel,
do you mean that
because there are already other possibilities for covert channels,
this WG should not bother if its work creates yet another one ?
In the book IPv6 Security, lower half of page 32,
(ISBN-10: 1-58705-594-5 - ISBN-13:
Yes, I think that having the IETF attempt to define rules for avoiding
covert channels in IPv6 packets is actively counter-productive. It
impedes innovation without providing a meaningful increase in security.
Yours,
Joel
On 11/20/2012 2:53 AM, Marc Lampo wrote:
Hello Joel,
do you mean
Hello,
(didn't see summary of discussion in Atlanta yet,
so bear with me if I would repeat something brought in there)
(and my appologies for the long email)
Paragraph 4 of the Introduction states :
The main reason for this is that some
firewalls attempt to inspect the transport header or
Hi Marc, thanks for the comments.
On 19/11/2012 10:54, Marc Lampo wrote:
Hello,
(didn't see summary of discussion in Atlanta yet,
so bear with me if I would repeat something brought in there)
(and my appologies for the long email)
Paragraph 4 of the Introduction states :
The main
Taking things out of order:
If you are really going to lock covert channels, then you will have to
block HTTPS except to known sites (and check the hostname against the IP
address, etc...) That has not, and I hope is not, and acceptable design
space for the IETF.
With regard to unknown
Hello Joel,
do you mean that
because there are already other possibilities for covert channels,
this WG should not bother if its work creates yet another one ?
In the book IPv6 Security, lower half of page 32,
(ISBN-10: 1-58705-594-5 - ISBN-13: 978-1-58705-594-2)
the authors refer to the
Updated after the discussions in Atlanta. More discussion wanted...
Original Message
Subject: I-D Action: draft-carpenter-6man-ext-transmit-01.txt
Date: Tue, 13 Nov 2012 02:38:38 -0800
From: internet-dra...@ietf.org
Reply-To: internet-dra...@ietf.org
To: i-d-annou...@ietf.org