Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

On 8-mei-2007, at 21:00, Tim Enos wrote: I would also prefer that RH0 be silently dropped but could live with an ICMPv6 error message being sent back to the sending host Why is everyone so in love with silently dropping? This only makes troubleshooting harder. See RFC 2460 and imagine that

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Enos Rom 8:28 From: Bob Hinden [EMAIL PROTECTED] Date: 2007/04/25 Wed PM 07:39:40 CDT To: IETF IPv6 Mailing List ipv6@ietf.org Subject: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues] [trimming this to just the IPv6 w.g.] We think the question for the IPv6 working group

Re: IPv6 Type 0 Routing Header issues

On Mon, Apr 30, 2007 at 05:43:04PM -0700, james woodyatt wrote: I further recommend the draft standards be amended to require that RH0 be rejected with an ICMP error when received at the first destination and dropped silently in all other cases. This will allow operators to identify

Re: itojun2.0 (RE: IPv6 Type 0 Routing Header issues)

now, in KAME we meant to make t-shirt code then spec, not spec then code' Now T-shirt is available at http://www.kame.net/. see http://www.natisbad.org/ for the summary of the problem as well as list of link to the press coverages.

Re: IPv6 Type 0 Routing Header issues

Le 1 mai 07 à 23:18, George V. Neville-Neil a écrit : Actually I like this solution. Now, not to beat a dead horse more, but when can a draft be set up to talk about this? I would already have pushed a submission but I'm not familiar with the associated IETF process. I suspect it will

Re: IPv6 Type 0 Routing Header issues

At Thu, 3 May 2007 13:41:12 +0200, Ebalard, Arnaud wrote: Le 1 mai 07 à 23:18, George V. Neville-Neil a écrit : Actually I like this solution. Now, not to beat a dead horse more, but when can a draft be set up to talk about this? I would already have pushed a submission but I'm

Re: IPv6 Type 0 Routing Header issues

On May 3, 2007, at 5:41 PM, [EMAIL PROTECTED] wrote: At Thu, 3 May 2007 13:41:12 +0200, Ebalard, Arnaud wrote: Le 1 mai 07 à 23:18, George V. Neville-Neil a écrit : Actually I like this solution. Now, not to beat a dead horse more, but when can a draft be set up to talk about this?

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Eric Klein wrote: [..] I am sorry if I was unclear. I am on both lists and understand their diffrences. No, you are confusing [EMAIL PROTECTED] with [EMAIL PROTECTED] They are not the same. The first has nothing to do with the IETF and can't care much about what the IETF will decide, they will

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

On 5/3/07, Jeroen Massar [EMAIL PROTECTED] wrote: I am sorry if I was unclear. I am on both lists and understand their diffrences. No, you are confusing [EMAIL PROTECTED] with [EMAIL PROTECTED] They are not the same. The first has nothing to do with the IETF and can't care much about what

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Theo, Congratulations. You've joined the other 20 or so people whose mail my machine will delete unread from now on. Brian IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests:

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

On Tue, 1 May 2007, Brian E Carpenter wrote: Theo, Congratulations. You've joined the other 20 or so people whose mail my machine will delete unread from now on. what about keeping those sort of personal stuff out of this (and other) and other mailinglist? I care zip about you or him, I'm

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Eric Klein wrote: I have just noticed that this topic seems to be going on simutaniously on both the IPv6 and v6OPS mailing lists. The two threads are not coordinated, but both seem very concerned with IPv6 Type 0 Routing Header issues. [..] It concerns me that the two teams are working

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

theo, i feel your pain. but at the heart of your issues there's a logic error or perhaps two, and it's turning your input here into a distractive sideshow. the first error i saw was when you wanted to prevent certain people from having input into ietf decision making based on engineering errors

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

On 5/1/07, Jeroen Massar [EMAIL PROTECTED] wrote: Eric Klein wrote: I have just noticed that this topic seems to be going on simutaniously on both the IPv6 and v6OPS mailing lists. The two threads are not coordinated, but both seem very concerned with IPv6 Type 0 Routing Header issues.

Re: IPv6 Type 0 Routing Header issues

At Mon, 30 Apr 2007 17:43:04 -0700, james woodyatt wrote: On Apr 27, 2007, at 05:38, Ebalard, Arnaud wrote: Bob Hinden [EMAIL PROTECTED] wrote: Possible actions include: 1) Deprecate all usage of RH0 2) Recommend that RH0 support be off by default in hosts and routers 3)

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Theo, Your language is unfitting for professional discussion, in my opinion. The issue having been raised, we should deal with it as an engineering matter. Brian IETF IPv6 working group mailing list ipv6@ietf.org

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

I have just noticed that this topic seems to be going on simutaniously on both the IPv6 and v6OPS mailing lists. The two threads are not coordinated, but both seem very concerned with IPv6 Type 0 Routing Header issues. This is seperate to the rash of Linux related warnings that have come out in

Re: IPv6 Type 0 Routing Header issues

On Apr 27, 2007, at 05:38, Ebalard, Arnaud wrote: Bob Hinden [EMAIL PROTECTED] wrote: Possible actions include: 1) Deprecate all usage of RH0 2) Recommend that RH0 support be off by default in hosts and routers 3) Recommend that RH0 support be off by default in hosts 4) Limit it's usage

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

I think we can safely put to bed the idea that the designers were dolts who didn't learn from history. That doesn't mean there weren't dolts involved in the process.:-) Bob, actually, why should we put anything to bed? Are you statements not some put it to bed, shove it under the carpet

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Theo, On Apr 27, 2007, at 10:42 PM, ext Theo de Raadt wrote: I think we can safely put to bed the idea that the designers were dolts who didn't learn from history. That doesn't mean there weren't dolts involved in the process.:-) Bob, actually, why should we put anything to bed? Are you

Re: IPv6 Type 0 Routing Header issues

On Fri 27 Apr '07 at 02:06 George V. Neville-Neil [EMAIL PROTECTED] wrote: Hi, I would be interested in a list of cases FOR the Type 0 Routing Header. If there are no good cases for it, it seems to me that removing it is the best thing to do. I quite like traceroute for the return path.

Re: IPv6 Type 0 Routing Header issues

Alun Evans wrote: On Fri 27 Apr '07 at 02:06 George V. Neville-Neil [EMAIL PROTECTED] wrote: Hi, I would be interested in a list of cases FOR the Type 0 Routing Header. If there are no good cases for it, it seems to me that removing it is the best thing to do. I quite like traceroute

Re: IPv6 Type 0 Routing Header issues

On Fri, Apr 27, 2007 at 10:19:01AM +0100, Jeroen Massar wrote: This 'problem' can be solved with looking glass websites, not which such an obvious security problem as RH0. Surely the number of looking glass websites are a clear sign of a difficency in IPv4? (Also, having to parse input to web

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

On Apr 26, 2007, at 17:17, james woodyatt wrote: [...] I still don't think type code *ZERO* is the wrong choice [...]. Oops. This should have read, I still think type code *ZERO* is the wrong choice... Sorry for any confusion. don't worry, the world is in panic like 1912.

Re: IPv6 Type 0 Routing Header issues

Hi Alun, Hi *, Le 27 avr. 07 à 11:04, Alun Evans a écrit : I would be interested in a list of cases FOR the Type 0 Routing Header. If there are no good cases for it, it seems to me that removing it is the best thing to do. I quite like traceroute for the return path. Which would also

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

On Wed, Apr 25, 2007 at 05:39:40PM -0700, Bob Hinden wrote: [trimming this to just the IPv6 w.g.] We think the question for the IPv6 working group on this topic is does the working group want to do anything to address the issues raised about the Type 0 routing header. Possible actions

itojun2.0 (RE: IPv6 Type 0 Routing Header issues)

even though Japanese, itojun2.0 is much like Theo so bare with me. i will use quite a language, so it's X-rated. and for those who didn't know, theo finally plan about enabling INET6 on cvs.openbsd.org and studying jinmei/shima/qingli book. our 15 years of

Re: itojun2.0 (RE: IPv6 Type 0 Routing Header issues)

he is also ICHIRO) and me (king of v6, jinmei beats me in careful spec reading because i'm spine-coder and nanosleep guy) to make IPv6 samurais, which is IPv6. $s/IPv6\.$/KAME./ it's miracle that i need to correct only one typo. my hands are shaking

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

1) Deprecate all usage of RH0 2) Recommend that RH0 support be off by default in hosts and routers 3) Recommend that RH0 support be off by default in hosts 4) Limit it's usage to one RH0 per IPv6 packet and limit the number of addresses in one RH0. My preference is 2 or alternatively 1.

RE: IPv6 Type 0 Routing Header issues

Manfredi, Albert E wrote: -Original Message- From: Tony Hain [mailto:[EMAIL PROTECTED] Sent: Thursday, April 26, 2007 6:52 PM As I recall the primary goal was to allow a system to state a specific transit path because it was the one that the subscriber had a contract with.

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Bob, On Wed, 2007-04-25 at 17:39 -0700, Bob Hinden wrote: We think the question for the IPv6 working group on this topic is does the working group want to do anything to address the issues raised about the Type 0 routing header. Possible actions include: 1) Deprecate all usage of

RE: IPv6 Type 0 Routing Header issues

i don't understand, rthdr0 must be killed, grilled, diced into million pieces. say farewell. you did not do my exercise even: - how many hops you can make w/ a packet sized 1280? itojun Manfredi, Albert E wrote: -Original Message- From: Tony Hain

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

I am a bit surprised that the security problems with the routing header come as some sort of revelation at this stage. The intent, as I recall, yup, it's such 1992 problem. hinden and kame needs harakiri. handy. My recollection of a conversation with Steve on this topic back in

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Hi *, Le 26 avr. 07 à 02:39, Bob Hinden a écrit : [trimming this to just the IPv6 w.g.] We think the question for the IPv6 working group on this topic is does the working group want to do anything to address the issues raised about the Type 0 routing header. Possible actions include:

Re: IPv6 Type 0 Routing Header issues

I am facing a similar dilemma. Currently editing version 2.0 draft of the US DoD DISR Product Profiles for IPv6 and considering adding a THOU SHALT NOT or at least it would be a great idea if you didn't forward based on RH0 due to this vulnerability. At the very least I will note this risk,

Re: IPv6 Type 0 Routing Header issues

Hi, On Wed, Apr 25, 2007 at 09:41:09AM +0200, Mohacsi Janos wrote: I think this is not a solution. The problems of routing header type 0 well know by the community since long time. This has been documented for more than 2-3 years know (raised 4 years ago). Are there any consensus, that

Re: IPv6 Type 0 Routing Header issues

Hi, On Wed, Apr 25, 2007 at 10:46:54AM +0200, Remi Denis-Courmont wrote: On Wed, 25 Apr 2007 10:24:08 +0200, Gert Doering [EMAIL PROTECTED] wrote: Well, one could argue that the standard isn't very well-written then - a machine that is a *host* should NEVER forward packets, period.

RE: IPv6 Type 0 Routing Header issues

-Original Message- From: Gert Doering [mailto:[EMAIL PROTECTED] On Wed, Apr 25, 2007 at 10:46:54AM +0200, Remi Denis-Courmont wrote: On Wed, 25 Apr 2007 10:24:08 +0200, Gert Doering [EMAIL PROTECTED] wrote: Well, one could argue that the standard isn't very well-written

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Le 26 avr. 07 .AN` 02:39, Bob Hinden a Nicrit :*B ah, finally. i even try to reach Steve saying no time for Salmon fishing, man. [trimming this to just the IPv6 w.g.] We think the question for the IPv6 working group on this topic is does the working group want to do

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Bob Hinden wrote: [trimming this to just the IPv6 w.g.] We think the question for the IPv6 working group on this topic is does the working group want to do anything to address the issues raised about the Type 0 routing header. Possible actions include: 1) Deprecate all usage

RE: IPv6 Type 0 Routing Header issues

PROTECTED] On Behalf Of Ed Jankiewicz Sent: Wednesday, April 25, 2007 8:13 AM To: [EMAIL PROTECTED] Cc: Rob Austein; ipv6@ietf.org; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: IPv6 Type 0 Routing Header issues I am facing a similar dilemma. Currently editing version 2.0 draft of the US DoD

RE: IPv6 Type 0 Routing Header issues

for their random selection of long-distance. Tony -Original Message- From: Manfredi, Albert E [mailto:[EMAIL PROTECTED] Sent: Thursday, April 26, 2007 8:03 AM To: Gert Doering Cc: ipv6@ietf.org Subject: RE: IPv6 Type 0 Routing Header issues -Original Message- From

RE: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

as normal. Tony -Original Message- From: Brian E Carpenter [mailto:[EMAIL PROTECTED] Sent: Thursday, April 26, 2007 3:17 AM To: IETF IPv6 Mailing List Subject: Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues] On 2007-04-26 02:39, Bob Hinden wrote: [trimming

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

On Apr 26, 2007, at 15:58, Tony Hain wrote: As I said on V6ops, before you kill this off too quickly, James Woodyatt's proxy redirection is a perfect example of a valid use for Type 0 Routing Headers. He wants the firewall to redirect traffic through a designated point (what this header

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

On Apr 26, 2007, at 17:17, james woodyatt wrote: [...] I still don't think type code *ZERO* is the wrong choice [...]. Oops. This should have read, I still think type code *ZERO* is the wrong choice... Sorry for any confusion. -- j h woodyatt [EMAIL PROTECTED]

Re: IPv6 Type 0 Routing Header issues

Hi, I would be interested in a list of cases FOR the Type 0 Routing Header. If there are no good cases for it, it seems to me that removing it is the best thing to do. Best, George IETF IPv6 working group mailing list

Re: IPv6 Type 0 Routing Header issues

Hi All, I think this is not a solution. The problems of routing header type 0 well know by the community since long time. This has been documented for more than 2-3 years know (raised 4 years ago). Are there any consensus, that type 0 routing header should be deprecated? Until that it is

Re: IPv6 Type 0 Routing Header issues

On Wed, Apr 25, 2007 at 09:41:09AM +0200, Mohacsi Janos wrote: I think this is not a solution. The problems of routing header type 0 well know by the community since long time. This has been documented for more than 2-3 years know (raised 4 years ago). Are there any consensus, that type 0

Re: IPv6 Type 0 Routing Header issues

On Wed, 25 Apr 2007 10:24:08 +0200, Gert Doering [EMAIL PROTECTED] wrote: Well, one could argue that the standard isn't very well-written then - a machine that is a *host* should NEVER forward packets, period. That's a BSD bug, not a standard bug. The IPv6 specification says host must process

Re: IPv6 Type 0 Routing Header issues

On Wed, 25 Apr 2007 10:24:08 +0200, Gert Doering [EMAIL PROTECTED] wrote: Well, one could argue that the standard isn't very well-written then - a machine that is a *host* should NEVER forward packets, period. bzzzt. with IPv6 spec NODE (host + router) has to handle routing

Re: IPv6 Type 0 Routing Header issues

... The problems of routing header type 0 well know by the community since long time. This has been documented for more than 2-3 years know (raised 4 years ago). Are there any consensus, that type 0 routing header should be deprecated? ... yes. nobody anywhere still thinks that this is

Re: IPv6 Type 0 Routing Header issues

... The problems of routing header type 0 well know by the community since long time. This has been documented for more than 2-3 years know (raised 4 years ago). Are there any consensus, that type 0 routing header should be deprecated? ... yes. nobody anywhere still thinks that this is

Re: IPv6 Type 0 Routing Header issues

At Wed, 25 Apr 2007 09:41:09 +0200 (CEST), Mohacsi Janos wrote: The current patch provided by OpenBSD/FreeBSD makes *BSD IPv6 implemenation non-conformant to standard. Sometimes violating the standard is the only reasonable thing for an implementor to do. The (IPv4) stack I worked on back in

Re: IPv6 Type 0 Routing Header issues

Yes, absolutely. Rob, I couldn't agree more. From: Rob Austein [EMAIL PROTECTED] Date: 2007/04/25 Wed AM 09:13:36 CDT To: [EMAIL PROTECTED], ipv6@ietf.org, [EMAIL PROTECTED] Subject: Re: IPv6 Type 0 Routing Header issues At Wed, 25 Apr 2007 09:41:09 +0200 (CEST), Mohacsi Janos wrote

Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

[trimming this to just the IPv6 w.g.] We think the question for the IPv6 working group on this topic is does the working group want to do anything to address the issues raised about the Type 0 routing header. Possible actions include: 1) Deprecate all usage of RH0 2) Recommend that RH0

Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

Bob Hinden wrote: [trimming this to just the IPv6 w.g.] We think the question for the IPv6 working group on this topic is does the working group want to do anything to address the issues raised about the Type 0 routing header. Possible actions include: 1) Deprecate all usage of RH0 2)

Re: IPv6 Type 0 Routing Header issues

Just in case folks are missing out on this, find below a rather nasty security issue. I cannot say that this is a big surprise, even if the specific attack is news to me and it has a major impact. Some issues with Type 0 have been known for years; I think draft-savola-ipv6-rh-ha was the

Re: IPv6 Type 0 Routing Header issues

At Wed, 25 Apr 2007 00:46:28 +0300, Jari Arkko wrote: Just in case folks are missing out on this, find below a rather nasty security issue. I cannot say that this is a big surprise, even if the specific attack is news to me and it has a major impact. Some issues with Type 0 have