On Friday 12 October 2012 17:57:52 Mark ZZZ Smith wrote: > Hi, > > Here's a new version of my stateless neighbor discovery draft. Changes: > > - make it more obvious that hosts don't need to be changed > - more informative introduction/problem definition text > - allow low end/embedded platforms to consider all traffic sources untrusted > if a DoS attack is occurring - misc. text re-wordings and changes > > Thanks to Ray Hunter and Matthew Moyle-Croft for their reviews and comments. > > Comments most appreciated. > > Thanks, > Mark.
Hi, Overall I like the principle of the implementation but I would also say there are a few issues that should be addressed: 1) TUSP should be defineable on an address/interface/packet marking basis; I would say that the exact method of determining a trusted/untrusted querier should (will) ultimately be down to the implementation and as such, this should exist as a recommendation - perhaps call it a "TUD List" instead (Trusted/Untrusted Discriminator) with implementation of a TUD mandatory. 2) While SLND is active, a packet that requires a solicitation MAY be dropped outright but can optionally be requeued/buffered etc - queue discipline should be considered beyond the scope of this document. I am also pondering the possibility of securing the on-link side by way of ND cookies (with a prerequiste being that the subnet size is at least /64) Essentially, while using SLND, a node would generate a neighbour solicitation for unknown on-link hosts using an algorithmically calculated source address resulting from a hash operation over a node-unique seed, the target address contained within the advertisement and the IPv6 header destination address. Thus when receiving a neighbor advertisement, the node can simply hash the data in order to verify if the advertisement is spurious or not. The node must not bind to nor answer solicitatation for these calculated addresses. This will ensure that in the event of a duplicate address, ND for the duplicate would not result in a false discovery. This does come with the downside that a solicited host will most likely attempt discovery of the algorithmically calculated source address - however, I would argue that the cost of this extra noise is outweighed by the benefit of ensuring non-spurious advertisements. Kind Regards, Oliver -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
