On Sun, May 28, 2023 at 10:13 AM Andrew Campling
wrote:
>
> On Sat, May 27, 2023 at 11:05 PM Tom Herbert wrote:
>
> > Application developers and stack developers are also players in this
> > game. And while each network provider might have the luxury of only
> > foc
On Sat, May 27, 2023 at 2:16 PM Manfredi (US), Albert E
wrote:
>
> -Original Message-
> From: Tom Herbert
>
> > Correct, that's the fundamental problem. When public network providers
> > apply ad hoc protocol filtering, that limits the capabilities and
On Fri, May 26, 2023 at 4:26 PM Manfredi (US), Albert E
wrote:
>
> -Original Message-
> From: ipv6 On Behalf Of Tom Herbert
>
> > And IETF exists for the good of the Internet and the world's population,
> > not so your company can make money!
>
&g
On Fri, May 26, 2023 at 1:44 PM Fernando Gont wrote:
>
>
>
> On 26/5/23 18:01, Tom Herbert wrote:
> > On Fri, May 26, 2023 at 8:12 AM Fernando Gont wrote:
> [...]
> >>
> >> That said, I'm not that fine if invited to a party where, if anything,
On Fri, May 26, 2023 at 2:13 AM Ole Troan wrote:
>
> > A well-implemented host will not be troubled by unkown extension headers or
> > options.
> >
> > Indeed. However, not all hosts are well-implemented.
>
> "Not be troubled by” == “drop”?
> I don’t agree that a well-implemented host and applica
On Fri, May 26, 2023 at 8:12 AM Fernando Gont wrote:
>
> Hi, Haisheng Yu,
>
> On 26/5/23 06:14, Haisheng Yu (Johnson) wrote:
> []
> >
> > The essence of the extension header issue is determined by the
> > competition between operators and equipment vendors.For most internet
> > users, they rel
On Fri, May 26, 2023 at 8:38 AM Fernando Gont wrote:
>
> Hi, Warren,
>
> On 26/5/23 11:03, Warren Kumari wrote:
>
> >
> >
> > On Thu, May 25, 2023 at 11:13 PM, Brian E Carpenter
> > mailto:brian.e.carpen...@gmail.com>> wrote:
> >
> []
> >
> > A well-implemented host will not be troubled by
On Thu, May 25, 2023 at 1:34 PM Manfredi (US), Albert E
wrote:
>
> -Original Message-
> From: Tom Herbert
>
> > It's more than a preference to have host security, it is an absolute
> > requirement that each host provides security for its applications and
On Thu, May 25, 2023 at 7:05 AM nalini.elk...@insidethestack.com
wrote:
>
> Arnaud,
>
> First, nice to hear from you.
>
> Next, I think blocking EH without nuance or care is throwing out the baby
> with the bathwater.
>
> IMHO, if we have problems with EH because people have not carefully
> cons
On Wed, May 24, 2023 at 6:02 PM Manfredi (US), Albert E
wrote:
>
> -Original Message-
> From: ipv6 On Behalf Of Fernando Gont
>
> > Given the amount of things that get connected to the Net (smart bulbs,
> > refrigerators, etc.) -- and that will super-likely never receive security
> > up
On Mon, May 22, 2023 at 12:29 PM Fernando Gont wrote:
>
> Hi, David,
>
> On 22/5/23 18:05, David Farmer wrote:
> [...]
> >
> > I think that many of us are still reeling from default configuration of
> > certain "firewalls" that banks seemed like, which dropped packets
> > containing
>
On Mon, May 22, 2023 at 12:05 PM Fernando Gont wrote:
>
> Hi, Ole,
>
> On 22/5/23 15:36, Ole Troan wrote:
> [...]>>
> >> As a host and networking stack developer, I view the network and these
> >> arbitrary inconsistent security policies as the problem not as the
> >> solution to application and h
On Mon, May 22, 2023 at 10:09 AM Ole Troan
wrote:
>
> Nalini,
>
> >
> > Once bugs are fixed, then we need to consider carefully what BCP around EHs
> > should be done, taking into account various common topologies as well as
> > devices such as proxies and load balancers. I mention those in par
On Mon, May 22, 2023 at 9:35 AM nalini.elk...@insidethestack.com
wrote:
>
> Ole,
>
> >>> it might be time that we accept that this was a bad idea. Which
> >>> deployment status has confirmed.
>
> >> Is it your intent to submit a draft deprecating IPv6 Extension Headers?
>
> > Do you want me to?
>
On Mon, May 22, 2023 at 7:37 AM Ole Troan
wrote:
>
> Tom,
>
> > The problem is in public networks where the service provider acts as
> > "anonymous big brother" to enforce its concept of security to
> > "protect" the users. While I'm sure they'd like us to think that they
> > are acting for the be
On Mon, May 22, 2023 at 4:29 AM Andrew Campling
wrote:
>
> On 21-May-23 10:29 PM, Brian E Carpenter wrote:
>
> > And there's the problem. The operator of a large network cannot possibly
> > know which extension headers every host on the network needs. It's called
> > permissionless innovation, and
ont
>
> Sent: Thursday, May 18, 2023 2:19 pm
> To: David Farmer ; Tom Herbert
>
> Cc: 6...@ietf.org <6...@ietf.org>; V6 Ops List ; opsec WG
>
> Subject: Re: [OPSEC] [IPv6] Why folks are blocking IPv6 extension headers?
> (Episode 1000 and counting) (Linux DoS)
&
On Thu, May 18, 2023 at 6:17 AM Fernando Gont wrote:
>
> Hi, David,
>
> On 18/5/23 02:14, David Farmer wrote:
> >
> >
> > On Wed, May 17, 2023 at 13:57 Tom Herbert
> > > <mailto:40herbertland@dmarc.ietf.org>> wrote:
> [...]
> >
> &g
On Thu, May 18, 2023 at 6:10 AM Fernando Gont wrote:
>
> HI, Tom,
>
> On 17/5/23 19:56, Tom Herbert wrote:
>
> >
> > Fernando,
> >
> > There's an old saying phrased in the form of a question: "What is the
> > most secure network in the world?
On Wed, May 17, 2023 at 6:00 AM Fernando Gont wrote:
>
> Hi,
>
> I believe we've already covered the topic quite thoroughly in RFC 9098.
>
> But if you want yet another data point, FYI this is instance N++ of a
> DoS based on IPv6 EHs implementation flaws:
> https://www.interruptlabs.co.uk/article
Hello,
There's a couple of drafts that may be relevant to this.
Section 5.3 of draft-ietf-6man-rfc6434-bis describes how a host may
drop packets that contain to many options in an DO or HBH EH (i.e. a
mitigation against DOS attack).
draft-ietf-6man-icmp-limits describes ICMP errors that may be s
21 matches
Mail list logo