After reviewing the adoption call comments, the chairs have decided not
to adopt draft-gont-ipv6-smurf-amplifier.
- We have not seen strong working group support for working on the draft.
- We are not convinced that the problem the draft sets out to resolve is worth
fixing
given that multicast R
Hi
On 9/4/2013 4:28 AM, Ole Troan wrote:
Fernando,
would that be other nodes than yourself and nodes on the same link
as yourself?
I guess in some scenarios it might be tricky.
For instance, even with link-local only multicast (as that used for
ND), you can send a packet to a link-local mul
It's a bit late for the call on adoption, but FWIW I support Fernando.
Tom Taylor
On 03/09/2013 8:44 PM, Fernando Gont wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/02/2013 07:34 AM, Ole Troan wrote:
If you read chapter 5 it starts out by explaining how RPF check
is always done
Fernando,
> > would that be other nodes than yourself and nodes on the same link
> > as yourself?
>
> I guess in some scenarios it might be tricky.
>
> For instance, even with link-local only multicast (as that used for
> ND), you can send a packet to a link-local multiast address, but
> sourced
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/02/2013 07:34 AM, Ole Troan wrote:
>>>
>>> If you read chapter 5 it starts out by explaining how RPF check
>>> is always done for multicast.
>>>
>>> Due to the RPF check, the possibility of spoofing is
>>> significantly reduced. Just like it is
Fernando,
>> I'm not sure if this attack is all that serious since there is
>> always an RPF check for multicast.
>>
>> As it says in the draft:
>>
>> It should be noted that if the multicast RPF check is used (e.g.
>> to prevent routing loops), this would prevent an attacker from
>>
Resending as the IETF list had some drops the last few days.
-Vishwas
On Wed, Aug 28, 2013 at 4:37 PM, Vishwas Manral wrote:
> Hi folks,
>
> I have read the document. I see the issue recognized as a genuine gap.
>
> I would love to see the document through, also look more deeply into the
> IPv6
On 08/28/2013 02:38 PM, Stig Venaas wrote:
>
> I'm not sure if this attack is all that serious since there is
> always an RPF check for multicast.
>
> As it says in the draft:
>
> It should be noted that if the multicast RPF check is used (e.g.
> to prevent routing loops), this would
Hi
I'm not sure if this attack is all that serious since there is
always an RPF check for multicast.
As it says in the draft:
It should be noted that if the multicast RPF check is used (e.g.
to prevent routing loops), this would prevent an attacker from
forging the Source Addre
Dear all,
I have read draft-gont-6man-ipv6-smurf-amplifier-03 and believe the security
implications discussed and the suggestions for updating the two RFCs are
essential for security considerations, and the operational mitigations proposed
in the document provide good choices for design. I suppo
Le 2013-08-23 09:55, Ole Troan a écrit :
> This message starts a one week 6MAN Working Group call on adopting:
>
> Title : Security Implications of IPv6 Options of Type 10xx
> Author(s): F. Gont, W. Liu
> Filename: draft-gont-6man-ipv6-smurf-amplifier-03
>
All,
This message starts a one week 6MAN Working Group call on adopting:
Title : Security Implications of IPv6 Options of Type 10xx
Author(s): F. Gont, W. Liu
Filename: draft-gont-6man-ipv6-smurf-amplifier-03
Pages: 12
Date
12 matches
Mail list logo
