On Fri, 18 May 2007, Iljitsch van Beijnum wrote:
> To fix this, we should explain the problems that source routing and/or the routing header type 0 can cause, define what "deprecate" means and then what deprecation of the routing header type 0 means in practice, and how this solves the problems explained earlier. Or we simply forego use of the word "deprecate".

IMHO, the key point is to make a decision on how to go forward. The WG chairs have read the consensus as 'deprecate' (mail on Mon, 14 May 2007 16:12:04 -0400).

It is not clear to me whether you're arguing against the result of that consensus call, or arguing about the lack of clarity in this draft (in general or specific to section 3).

I do not think it's very productive to rathole over arguments about which underlying problems are critical, which of them are "security" versus something else, etc. While it would likely be beneficial to put this on the written record, getting consensus on these underlying problems would take much longer than getting consensus for which action to take.

As such, I'd be supportive of having the source routing issues documented in a separate (non-normative) I-D, but that should not block advancing this I-D. (On the other hand, I don't think such a document is strictly necessary, either.)

I'm supportive of your concern that the interpretation of the word "deprecate" may have different meanings and more explicit language might be warranted; Section 3 defines its result without an explicit definition. I'm also supportive of your concern that the draft should tone down "serious security implications" that can be "exploited" -- even if these were true, I don't feel it's necessary to have such (potentially) contentious words in this draft; the key point is the deprecation, not getting perfect consensus on why we deprecate and how exactly we write it down.

However, as I think the draft shouldn't spend words in enumerating the various attacks, it shouldn't discuss the mitigations either. (Both of these are potential ratholes that we should avoid.)

With regard to IPv4, ADs seemed to feel that it should be addressed in a separate document.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
