On 8-mei-2007, at 21:00, Tim Enos wrote:
I would also prefer that RH0 be silently dropped but could live
with an ICMPv6 error message being sent back to the sending host
Why is everyone so in love with silently dropping?
This only makes troubleshooting harder.
See RFC 2460 and imagine that
Enos
Rom 8:28
From: Bob Hinden [EMAIL PROTECTED]
Date: 2007/04/25 Wed PM 07:39:40 CDT
To: IETF IPv6 Mailing List ipv6@ietf.org
Subject: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]
[trimming this to just the IPv6 w.g.]
We think the question for the IPv6 working group
On Mon, Apr 30, 2007 at 05:43:04PM -0700, james woodyatt wrote:
I
further recommend the draft standards be amended to require that RH0
be rejected with an ICMP error when received at the first destination
and dropped silently in all other cases. This will allow operators
to identify
now, in KAME we meant to make t-shirt
code then spec, not spec then code'
Now T-shirt is available at http://www.kame.net/.
see http://www.natisbad.org/ for the summary of the problem as well
as list of link to the press coverages.
Le 1 mai 07 à 23:18, George V. Neville-Neil a écrit :
Actually I like this solution.
Now, not to beat a dead horse more, but when can a draft be set up to
talk about this?
I would already have pushed a submission but I'm not familiar with
the associated IETF process. I suspect it will
At Thu, 3 May 2007 13:41:12 +0200,
Ebalard, Arnaud wrote:
Le 1 mai 07 à 23:18, George V. Neville-Neil a écrit :
Actually I like this solution.
Now, not to beat a dead horse more, but when can a draft be set up to
talk about this?
I would already have pushed a submission but I'm
On May 3, 2007, at 5:41 PM, [EMAIL PROTECTED] wrote:
At Thu, 3 May 2007 13:41:12 +0200,
Ebalard, Arnaud wrote:
Le 1 mai 07 à 23:18, George V. Neville-Neil a écrit :
Actually I like this solution.
Now, not to beat a dead horse more, but when can a draft be set
up to
talk about this?
Eric Klein wrote:
[..]
I am sorry if I was unclear. I am on both lists and understand their
diffrences.
No, you are confusing [EMAIL PROTECTED] with [EMAIL PROTECTED]
They are not the same. The first has nothing to do with the IETF and
can't care much about what the IETF will decide, they will
On 5/3/07, Jeroen Massar [EMAIL PROTECTED] wrote:
I am sorry if I was unclear. I am on both lists and understand their
diffrences.
No, you are confusing [EMAIL PROTECTED] with [EMAIL PROTECTED]
They are not the same. The first has nothing to do with the IETF and
can't care much about what
Theo,
Congratulations. You've joined the other 20 or so people
whose mail my machine will delete unread from now on.
Brian
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests:
On Tue, 1 May 2007, Brian E Carpenter wrote:
Theo,
Congratulations. You've joined the other 20 or so people
whose mail my machine will delete unread from now on.
what about keeping those sort of personal stuff out of this (and other)
and other mailinglist? I care zip about you or him, I'm
Eric Klein wrote:
I have just noticed that this topic seems to be going on simutaniously
on both the IPv6 and v6OPS mailing lists.
The two threads are not coordinated, but both seem very concerned with
IPv6 Type 0 Routing Header issues.
[..]
It concerns me that the two teams are working
theo, i feel your pain. but at the heart of your issues there's a logic error
or perhaps two, and it's turning your input here into a distractive sideshow.
the first error i saw was when you wanted to prevent certain people from
having input into ietf decision making based on engineering errors
On 5/1/07, Jeroen Massar [EMAIL PROTECTED] wrote:
Eric Klein wrote:
I have just noticed that this topic seems to be going on simutaniously
on both the IPv6 and v6OPS mailing lists.
The two threads are not coordinated, but both seem very concerned with
IPv6 Type 0 Routing Header issues.
At Mon, 30 Apr 2007 17:43:04 -0700,
james woodyatt wrote:
On Apr 27, 2007, at 05:38, Ebalard, Arnaud wrote:
Bob Hinden [EMAIL PROTECTED] wrote:
Possible actions include:
1) Deprecate all usage of RH0
2) Recommend that RH0 support be off by default in hosts and routers
3)
Theo,
Your language is unfitting for professional discussion,
in my opinion.
The issue having been raised, we should deal with it as
an engineering matter.
Brian
IETF IPv6 working group mailing list
ipv6@ietf.org
I have just noticed that this topic seems to be going on simutaniously on
both the IPv6 and v6OPS mailing lists.
The two threads are not coordinated, but both seem very concerned with IPv6
Type 0 Routing Header issues.
This is seperate to the rash of Linux related warnings that have come out in
On Apr 27, 2007, at 05:38, Ebalard, Arnaud wrote:
Bob Hinden [EMAIL PROTECTED] wrote:
Possible actions include:
1) Deprecate all usage of RH0
2) Recommend that RH0 support be off by default in hosts and routers
3) Recommend that RH0 support be off by default in hosts
4) Limit it's usage
I think we can safely
put to bed the idea that the designers were dolts who didn't learn from
history. That doesn't mean there weren't dolts involved in the
process.:-)
Bob, actually, why should we put anything to bed? Are you statements
not some put it to bed, shove it under the carpet
Theo,
On Apr 27, 2007, at 10:42 PM, ext Theo de Raadt wrote:
I think we can safely
put to bed the idea that the designers were dolts who didn't learn
from
history. That doesn't mean there weren't dolts involved in the
process.:-)
Bob, actually, why should we put anything to bed? Are you
On Fri 27 Apr '07 at 02:06 George V. Neville-Neil [EMAIL PROTECTED] wrote:
Hi,
I would be interested in a list of cases FOR the Type 0 Routing
Header. If there are no good cases for it, it seems to me that
removing it is the best thing to do.
I quite like traceroute for the return path.
Alun Evans wrote:
On Fri 27 Apr '07 at 02:06 George V. Neville-Neil [EMAIL PROTECTED] wrote:
Hi,
I would be interested in a list of cases FOR the Type 0 Routing
Header. If there are no good cases for it, it seems to me that
removing it is the best thing to do.
I quite like traceroute
On Fri, Apr 27, 2007 at 10:19:01AM +0100, Jeroen Massar wrote:
This 'problem' can be solved with looking glass websites, not which such
an obvious security problem as RH0.
Surely the number of looking glass websites are a clear sign of a
difficency in IPv4? (Also, having to parse input to web
On Apr 26, 2007, at 17:17, james woodyatt wrote:
[...] I still don't think type code *ZERO* is the wrong choice [...].
Oops. This should have read, I still think type code *ZERO* is the
wrong choice... Sorry for any confusion.
don't worry, the world is in panic like 1912.
Hi Alun, Hi *,
Le 27 avr. 07 à 11:04, Alun Evans a écrit :
I would be interested in a list of cases FOR the Type 0 Routing
Header. If there are no good cases for it, it seems to me that
removing it is the best thing to do.
I quite like traceroute for the return path.
Which would also
On Wed, Apr 25, 2007 at 05:39:40PM -0700, Bob Hinden wrote:
[trimming this to just the IPv6 w.g.]
We think the question for the IPv6 working group on this topic is
does the working group want to do anything to address the issues
raised about the Type 0 routing header. Possible actions
even though Japanese, itojun2.0 is much like Theo so bare with me.
i will use quite a language, so it's X-rated.
and for those who didn't know, theo finally plan about enabling INET6
on cvs.openbsd.org and studying jinmei/shima/qingli book.
our 15 years of
he is also ICHIRO) and me (king of v6, jinmei beats me in careful
spec reading because i'm spine-coder and nanosleep guy)
to make IPv6 samurais, which is IPv6.
$s/IPv6\.$/KAME./
it's miracle that i need to correct only one typo.
my hands are shaking
1) Deprecate all usage of RH0
2) Recommend that RH0 support be off by default in hosts and routers
3) Recommend that RH0 support be off by default in hosts
4) Limit it's usage to one RH0 per IPv6 packet and limit the number
of addresses in one RH0.
My preference is 2 or alternatively 1.
Manfredi, Albert E wrote:
-Original Message-
From: Tony Hain [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 26, 2007 6:52 PM
As I recall the primary goal was to allow a system to state a specific
transit path because it was the one that the subscriber had a
contract with.
Bob,
On Wed, 2007-04-25 at 17:39 -0700, Bob Hinden wrote:
We think the question for the IPv6 working group on this topic is
does the working group want to do anything to address the issues
raised about the Type 0 routing header. Possible actions include:
1) Deprecate all usage of
i don't understand, rthdr0 must be killed, grilled, diced into million
pieces. say farewell. you did not do my exercise even:
- how many hops you can make w/ a packet sized 1280?
itojun
Manfredi, Albert E wrote:
-Original Message-
From: Tony Hain
I am a bit surprised that the security problems with the routing header
come as some sort of revelation at this stage. The intent, as I recall,
yup, it's such 1992 problem. hinden and kame needs harakiri.
handy. My recollection of a conversation with Steve on this topic back
in
Hi *,
Le 26 avr. 07 à 02:39, Bob Hinden a écrit :
[trimming this to just the IPv6 w.g.]
We think the question for the IPv6 working group on this topic is
does the working group want to do anything to address the issues
raised about the Type 0 routing header. Possible actions include:
I am facing a similar dilemma. Currently editing version 2.0 draft of
the US DoD DISR Product Profiles for IPv6 and considering adding a
THOU SHALT NOT or at least it would be a great idea if you didn't
forward based on RH0 due to this vulnerability. At the very least I
will note this risk,
Hi,
On Wed, Apr 25, 2007 at 09:41:09AM +0200, Mohacsi Janos wrote:
I think this is not a solution. The problems of routing header type 0 well
know by the community since long time. This has been documented for more
than 2-3 years know (raised 4 years ago). Are there any consensus, that
Hi,
On Wed, Apr 25, 2007 at 10:46:54AM +0200, Remi Denis-Courmont wrote:
On Wed, 25 Apr 2007 10:24:08 +0200, Gert Doering [EMAIL PROTECTED] wrote:
Well, one could argue that the standard isn't very well-written then - a
machine that is a *host* should NEVER forward packets, period.
-Original Message-
From: Gert Doering [mailto:[EMAIL PROTECTED]
On Wed, Apr 25, 2007 at 10:46:54AM +0200, Remi Denis-Courmont wrote:
On Wed, 25 Apr 2007 10:24:08 +0200, Gert Doering
[EMAIL PROTECTED] wrote:
Well, one could argue that the standard isn't very
well-written
Le 26 avr. 07 .AN` 02:39, Bob Hinden a Nicrit :*B
ah, finally. i even try to reach Steve saying no time for Salmon
fishing, man.
[trimming this to just the IPv6 w.g.]
We think the question for the IPv6 working group on this topic is
does the working group want to do
Bob Hinden wrote:
[trimming this to just the IPv6 w.g.]
We think the question for the IPv6 working group on this topic is does
the working group want to do anything to address the issues raised about
the Type 0 routing header. Possible actions include:
1) Deprecate all usage
PROTECTED] On
Behalf Of Ed Jankiewicz
Sent: Wednesday, April 25, 2007 8:13 AM
To: [EMAIL PROTECTED]
Cc: Rob Austein; ipv6@ietf.org; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: IPv6 Type 0 Routing Header issues
I am facing a similar dilemma. Currently editing version 2.0 draft of
the US DoD
for their random selection of long-distance.
Tony
-Original Message-
From: Manfredi, Albert E [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 26, 2007 8:03 AM
To: Gert Doering
Cc: ipv6@ietf.org
Subject: RE: IPv6 Type 0 Routing Header issues
-Original Message-
From
as normal.
Tony
-Original Message-
From: Brian E Carpenter [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 26, 2007 3:17 AM
To: IETF IPv6 Mailing List
Subject: Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header
issues]
On 2007-04-26 02:39, Bob Hinden wrote:
[trimming
On Apr 26, 2007, at 15:58, Tony Hain wrote:
As I said on V6ops, before you kill this off too quickly, James
Woodyatt's proxy redirection is a perfect example of a valid use
for Type 0 Routing Headers. He wants the firewall to redirect
traffic through a designated point (what this header
On Apr 26, 2007, at 17:17, james woodyatt wrote:
[...] I still don't think type code *ZERO* is the wrong choice [...].
Oops. This should have read, I still think type code *ZERO* is the
wrong choice... Sorry for any confusion.
--
j h woodyatt [EMAIL PROTECTED]
Hi,
I would be interested in a list of cases FOR the Type 0 Routing
Header. If there are no good cases for it, it seems to me that
removing it is the best thing to do.
Best,
George
IETF IPv6 working group mailing list
Hi All,
I think this is not a solution. The problems of routing header type 0 well
know by the community since long time. This has been documented for more
than 2-3 years know (raised 4 years ago). Are there any consensus, that
type 0 routing header should be deprecated? Until that it is
On Wed, Apr 25, 2007 at 09:41:09AM +0200, Mohacsi Janos wrote:
I think this is not a solution. The problems of routing header type 0 well
know by the community since long time. This has been documented for more
than 2-3 years know (raised 4 years ago). Are there any consensus, that
type 0
On Wed, 25 Apr 2007 10:24:08 +0200, Gert Doering [EMAIL PROTECTED] wrote:
Well, one could argue that the standard isn't very well-written then - a
machine that is a *host* should NEVER forward packets, period.
That's a BSD bug, not a standard bug.
The IPv6 specification says host must process
On Wed, 25 Apr 2007 10:24:08 +0200, Gert Doering [EMAIL PROTECTED] wrote:
Well, one could argue that the standard isn't very well-written then - a
machine that is a *host* should NEVER forward packets, period.
bzzzt. with IPv6 spec NODE (host + router) has to handle routing
... The problems of routing header type 0 well know by the community since
long time. This has been documented for more than 2-3 years know (raised 4
years ago). Are there any consensus, that type 0 routing header should be
deprecated? ...
yes. nobody anywhere still thinks that this is
... The problems of routing header type 0 well know by the community since
long time. This has been documented for more than 2-3 years know (raised 4
years ago). Are there any consensus, that type 0 routing header should be
deprecated? ...
yes. nobody anywhere still thinks that this is
At Wed, 25 Apr 2007 09:41:09 +0200 (CEST), Mohacsi Janos wrote:
The current patch provided by OpenBSD/FreeBSD makes *BSD IPv6
implemenation non-conformant to standard.
Sometimes violating the standard is the only reasonable thing for an
implementor to do. The (IPv4) stack I worked on back in
Yes, absolutely. Rob, I couldn't agree more.
From: Rob Austein [EMAIL PROTECTED]
Date: 2007/04/25 Wed AM 09:13:36 CDT
To: [EMAIL PROTECTED], ipv6@ietf.org, [EMAIL PROTECTED]
Subject: Re: IPv6 Type 0 Routing Header issues
At Wed, 25 Apr 2007 09:41:09 +0200 (CEST), Mohacsi Janos wrote
[trimming this to just the IPv6 w.g.]
We think the question for the IPv6 working group on this topic is
does the working group want to do anything to address the issues
raised about the Type 0 routing header. Possible actions include:
1) Deprecate all usage of RH0
2) Recommend that RH0
Bob Hinden wrote:
[trimming this to just the IPv6 w.g.]
We think the question for the IPv6 working group on this topic is does
the working group want to do anything to address the issues raised about
the Type 0 routing header. Possible actions include:
1) Deprecate all usage of RH0
2)
Just in case folks are missing out on this, find below a rather nasty
security issue.
I cannot say that this is a big surprise, even if the specific attack
is news to me and it has a major impact. Some issues with Type 0
have been known for years; I think draft-savola-ipv6-rh-ha was the
At Wed, 25 Apr 2007 00:46:28 +0300,
Jari Arkko wrote:
Just in case folks are missing out on this, find below a rather nasty
security issue.
I cannot say that this is a big surprise, even if the specific attack
is news to me and it has a major impact. Some issues with Type 0
have
58 matches
Mail list logo