Re: [homenet] Please review security considerations of draft-homenet-babel-profile

2017-07-27 Thread Gert Doering
Hi,

On Thu, Jul 27, 2017 at 03:38:15PM +0200, Philip Homburg wrote:
> The TTL hack is used in ND. 

Because ND uses GUAs (which it should have never done in the first place).

> It strikes me as really bad for security to come
> up with a different mechanism to achieve the same result for no other reason
> than that you for some reason didn't like that trick.

Relying on "it must be a link local src and link local dst" sounds much
more sane than "we permit arbitrary packets to reach us from the outside
and then worry about criteria to ignore them afterwards".

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279

___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
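
The two acceptance criteria argued over in this thread (hop limit must be 255, versus source and destination must be link-local), applied to raw IPv6 headers. This is an added example, not code from either poster or from the Babel draft; the function names and all packet values are constructed for illustration.

```python
import ipaddress
import struct

LINK_LOCAL_MCAST = ipaddress.IPv6Network("ff02::/16")  # link-local scope multicast

def parse_ipv6_header(pkt: bytes):
    """Return (hop_limit, src, dst) from the 40-byte IPv6 fixed header."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, _plen, _next_hdr, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    return (hop_limit,
            ipaddress.IPv6Address(pkt[8:24]),
            ipaddress.IPv6Address(pkt[24:40]))

def hop_limit_check(hop_limit: int) -> bool:
    # "TTL hack": every router decrements the hop limit, so a packet that
    # arrives with 255 has not been forwarded.
    return hop_limit == 255

def link_local_check(src, dst) -> bool:
    # Routers do not forward packets with a link-local source or destination.
    return src.is_link_local and (dst.is_link_local or dst in LINK_LOCAL_MCAST)

def classify(pkt: bytes):
    hop_limit, src, dst = parse_ipv6_header(pkt)
    return {"hop_limit_255": hop_limit_check(hop_limit),
            "link_local": link_local_check(src, dst)}

def build_header(src: str, dst: str, hop_limit: int) -> bytes:
    """Constructed test input: IPv6 header, next header 17 (UDP), no payload."""
    return (struct.pack("!IHBB", 6 << 28, 0, 17, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

# Constructed samples; 2001:db8::/32 is the documentation prefix.
SAMPLES = {
    "on-link, link-local, hl 255": build_header("fe80::1", "ff02::1:6", 255),
    "on-link, link-local, hl 64": build_header("fe80::1", "fe80::2", 64),
    "on-link, global source, hl 255": build_header("2001:db8::1", "ff02::1", 255),
    "forwarded, global source, hl 250": build_header("2001:db8:1::9", "2001:db8::2", 250),
}

def evaluate():
    return {name: classify(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:35} {verdict}")
```

The second and third samples are the cases where the two checks disagree: a link-local sender that did not set hop limit 255, and a global-address sender that did.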


Re: [homenet] Please review security considerations of draft-homenet-babel-profile

2017-07-27 Thread Philip Homburg
>>> Yeah, the so-called "TTL hack".  
>
>> Care to explain why it would not be useful?
>
>At the time I wrote down Babel, I decided that given that we have link-local
>addresses that are securely scoped to a single link, the TTL hack is not
>necessary.

The TTL hack is used in ND. It strikes me as really bad for security to come
up with a different mechanism to achieve the same result for no other reason
than that you for some reason didn't like that trick.

