I'll change to SHOULD. You make good points.

Dino

On Oct 27, 2011, at 1:24 PM, Jari Arkko wrote:

> Joel, Dino:
>
> Not doing source address checks is not hurting just you as a receiver, but
> also whoever gets the response packet. It is hurting the rest of the
> Internet. Basically, a way to circumvent all the ingress filtering that
> exists in the Internet today.
>
> Note that I was not suggesting a MUST. I understand that the implementation
> may be costly, and that is why I was suggesting a SHOULD.
>
> Jari
>
> On 27.10.2011 20:55, Joel M. Halpern wrote:
>> Given that, as far as I can tell, failing to perform the source checks
>> leaves the site using the weak ETR at risk, but does not harm anyone else,
>> and given that this is experimental,
>> it seems sufficient to leave the text the way it is.
>>
>> Yours,
>> Joel
>>
>> On 10/27/2011 1:04 PM, Dino Farinacci wrote:
>>> On Oct 23, 2011, at 5:13 AM, Jari Arkko wrote:
>> ...
>>>>>> Second, I wish you would have specified the source address checks
>>>>>> better. Are there situations where you would NOT want to make a pretty
>>>>>> strict test, i.e., that source EID maps to source RLOC?
>>>>> Because this is work still in progress.
>>>>
>>>> I understand that, but accepting tunnel packets without this validation
>>>> just seems pretty open to attacks. And this is not just about LISP. In
>>>> general, every IETF technique that comes out may have vulnerabilities that
>>>> cause trouble not just for that technology but also for other things in
>>>> the Internet. I'm worried that this could be an attack vector to attack
>>>> other things in the Internet in the future. Can we agree on a middle
>>>> ground, e.g., make the MAY a SHOULD? I'd be much happier with that…
>>>
>>> I hear you loud and clear. But no one may implement this because it is hard
>>> and expensive. We need to solve it another way and we are not ready to
>>> document it yet.
>>>
>>> Dino
>>
>>
>
_______________________________________________
lisp mailing list
https://www.ietf.org/mailman/listinfo/lisp
