Hi Authors and the Int-area group,
I'm Cui Yong, just a dumb netadmin managing a campus network. I don't 
understand fancy protocol designs. But after reading your -01 draft, I can't 
sleep. I keep dreaming about hackers breaking into my network.
I'm just gonna lay out some simple truths as I see them.
1. Bringing back the ghost of RFC 4620?
I heard old-timers talk about RFC 4620. It did "Node Information Queries." Why 
did it die? Because it let anyone ask for the house keys (hostnames, IP lists). 
Now, your draft introduces Query Pre-Request​ in Section 3.3. It asks the 
target: "What can you tell me?"
This isn't security; it's handing hackers a menu for an all-you-can-eat buffet. 
Previously, they had to guess. Now, they just follow your standard interface to 
pillage my network.
2. The Pad Object in Section 7 is a joke
You say you added the Pad Object so the reply isn't bigger than the request, 
preventing amplification attacks.
But who cares about size? Even a tiny reply saying "I am Router A" is a leak!
You're so busy worrying about bandwidth that you ignore the fact that the crown 
jewels are being stolen. It's like worrying about a thief stealing the big TV 
while ignoring him pocketing the gold rings.
3. "Default Off" and "Whitelists" in Section 10 are self-deception
You say it's disabled by default and suggest prefix whitelists.
I laugh:

  *
I heard​ this is for IOAM. When the boss demands IOAM for monitoring, he'll 
force me to turn it on. "Default off" means nothing against "business 
requirements."
  *
Source IPs are easy to spoof inside a subnet. Whitelists are useless.
  *
You recommend IPsec. Seriously? Which of you geniuses is going to help me 
deploy certificates on tens of thousands of devices? You sit in AC-controlled 
offices; you don't know the pain of us small guys. If this standard passes, 
I'll be woken up at 3 AM to fix the fallout.

4. Section 8: Reinventing the wheel to avoid scrutiny?
You say you won't reuse RFC 4620​ or RFC 8335 (PROBE).
I figure it's because those are watched closely. You're building a new "green 
lane" that bypasses existing oversight.
5. The FCFS registry is a ticking time bomb
Section 9 says new objects are FCFS (First Come, First Served).
So tomorrow, someone can register an object to dump the routing table? Or the 
ARP cache? Today it's IOAM; tomorrow it's a full network map. You've removed 
the lock on the door and told me, "Don't worry, the door frame is still there!"
Conclusion
I can't stop you from making standards.
But if this thing enters my network, I will kill it at the firewall. I simply 
cannot afford to host this Buddha in my small temple.​ If this protocol is on, 
my front door is unlocked. I might as well quit my job now.
Please fix it, or it dies in the wild.
Best regards,
Cui Yong
P.S. I don't understand English well, so I used AI translation tools to write 
this email. If there are any inaccuracies in my wording, please feel free to 
correct me. I'm just speaking from my operational experience.
_______________________________________________
Int-area mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to