Re: Re: [Fwd: I-D Action: draft-carpenter-6man-ext-transmit-01.txt]

2012-11-27 Thread Mark Smith
Subject: Re: Re: [Fwd: I-D Action: draft-carpenter-6man-ext-transmit-01.txt] +1. If anyone wants to be able to guarantee blocking any ability to construct a covert channel over a communication path, then they should probably employ a messaging protocol that is fully defined from the ground

Re: Re: [Fwd: I-D Action: draft-carpenter-6man-ext-transmit-01.txt]

2012-11-26 Thread Ray Hunter
+1. If anyone wants to be able to guarantee blocking any ability to construct a covert channel over a communication path, then they should probably employ a messaging protocol that is fully defined from the ground up using a formal grammar. Then they could check all (application level) messages

Re: [Fwd: I-D Action: draft-carpenter-6man-ext-transmit-01.txt]

2012-11-20 Thread Brian E Carpenter
On 20/11/2012 07:53, Marc Lampo wrote: Hello Joel, do you mean that because there are already other possibilities for covert channels, this WG should not bother if its work creates yet another one ? In the book IPv6 Security, lower half of page 32, (ISBN-10: 1-58705-594-5 - ISBN-13:

Re: [Fwd: I-D Action: draft-carpenter-6man-ext-transmit-01.txt]

2012-11-20 Thread Joel M. Halpern
Yes, I think that having the IETF attempt to define rules for avoiding covert channels in IPv6 packets is actively counter-productive. It impedes innovation without providing a meaningful increase in security. Yours, Joel On 11/20/2012 2:53 AM, Marc Lampo wrote: Hello Joel, do you mean

Re: [Fwd: I-D Action: draft-carpenter-6man-ext-transmit-01.txt]

2012-11-19 Thread Marc Lampo
Hello, (didn't see summary of discussion in Atlanta yet, so bear with me if I would repeat something brought in there) (and my apologies for the long email) Paragraph 4 of the Introduction states : The main reason for this is that some firewalls attempt to inspect the transport header or

Re: [Fwd: I-D Action: draft-carpenter-6man-ext-transmit-01.txt]

2012-11-19 Thread Brian E Carpenter
Hi Marc, thanks for the comments. On 19/11/2012 10:54, Marc Lampo wrote: Hello, (didn't see summary of discussion in Atlanta yet, so bear with me if I would repeat something brought in there) (and my apologies for the long email) Paragraph 4 of the Introduction states : The main

Re: [Fwd: I-D Action: draft-carpenter-6man-ext-transmit-01.txt]

2012-11-19 Thread Joel M. Halpern
Taking things out of order: If you are really going to lock covert channels, then you will have to block HTTPS except to known sites (and check the hostname against the IP address, etc...) That has not, and I hope is not, an acceptable design space for the IETF. With regard to unknown

Re: [Fwd: I-D Action: draft-carpenter-6man-ext-transmit-01.txt]

2012-11-19 Thread Marc Lampo
Hello Joel, do you mean that because there are already other possibilities for covert channels, this WG should not bother if its work creates yet another one ? In the book IPv6 Security, lower half of page 32, (ISBN-10: 1-58705-594-5 - ISBN-13: 978-1-58705-594-2) the authors refer to the

[Fwd: I-D Action: draft-carpenter-6man-ext-transmit-01.txt]

2012-11-13 Thread Brian E Carpenter
Updated after the discussions in Atlanta. More discussion wanted... Original Message Subject: I-D Action: draft-carpenter-6man-ext-transmit-01.txt Date: Tue, 13 Nov 2012 02:38:38 -0800 From: internet-dra...@ietf.org Reply-To: internet-dra...@ietf.org To: i-d-annou...@ietf.org