Let us summarize the discussion that has taken place so far and the
issues closed.

1. Technical content - Brian has agreed below that the problem we
describe is real, and we are saying our recommendation to change the
2462bis I-D does fix this problem. Tatuya still has some issues with our
problem, but we think that until he fixes some typos in his email we
cannot reply to him. This is what was sent from Tatuya that we think is
text with typos:

"First, it is not clear which "security problem" this bullet tries to
indicate.  Also, if Host1 is assumed to be the attacker that mounts
traffic hijacking and/or DoS against Host2, forcing Host2 to perform DAD
doesn't help because Host1 can get the same result by simply ignoring
the DAD-NS from Host1."

Tatuya also needs to explain how ignoring DAD from a host is a valid
implementation of the 2462 standards.  Our scenario is perfectly legal
within the specification.  Also, note that Host1 sends out the
unchallenged DAD, so routers will assume everything is OK and send their
traffic to Host1 and not Host2.

2. Delay of 2462bis I-D - we'll work with you to close issues ASAP. 

To also reply to another email where Tatuya said:

"I've confirmed that both MacOSX(Tiger) and Linux (Fedora Core 6, kernel
2.6.18) perform DAD on both link-local and global addresses (generated
from the same Mac address).  I also know all BSD variants behave the
same way.  I don't know about Vista, but in my understanding the vast
majority of existing implementations actually perform DAD without an
exception."

Well, if stacks do not skip DAD, then there should be no problem with
tightening up the language as we've proposed. 

Further, these hosts are not the only implementations out there. What
about IPv6 cable modem bridges or DSL IPv6 bridges which implement an
IPv6 host? These modems are deployed in a Service Provider deployment
that is very strict on compliance with standards. 

- Hemant and Wes

-----Original Message-----
From: Brian E Carpenter [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 25, 2007 2:38 AM
To: Fred Baker (fred)
Cc: Hemant Singh (shemant); [email protected]; JINMEI Tatuya / ????
Subject: Re: draft-wbeebee-nd-implementation-pitfalls-00 with urgent
changes suggested to 2462bis-08

On 2007-06-22 18:25, Fred Baker wrote:
> On Jun 22, 2007, at 7:38 AM, Brian E Carpenter wrote:
>> What is out there as running code is history and words in RFCs will 
>> not change it.
> 
> I think his point is that a new IPv6 implementation has just been 
> released into the market and is not operating very well. Forget the 
> compliance language; what he's saying is that the various IPv6 
> implementations around don't run in his lab as well as advertised - 
> the running code doesn't run all that well - and he has some 
> suggestions for Vista Service Pack 1, MacOSX Leopard, Linux, etc.
> 
> How about we keep this on the technical content of what he has to say?

> Do you believe, and do others believe, that the problems he describes 
> are real?

Absolutely. I just don't think that delaying 2462bis has any value.

   Brian

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
