ietf
[Top] [All Lists]

Re: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> (Implications of Oversized IPv6 Header Chains) to Proposed Standard

2013-10-15 23:14:44
On 10/14/2013 12:19 PM, SM wrote:
It's a known problem since at least seven years.  Given that the problem
is labelled as a security issue there would have to be some changes to
the specification at some point.  There were design decisions to
implement the specification and the code has been deployed.  The
proposed outbound change is one sentence.  The code change to implement
that one sentence requires reviewing some implementation decisions (re.
encapsulation, etc.).  Please note that I am not arguing for or against
a change in the RFC 2119 key words.  The write-up only mentions that the
draft has been implemented on stateless firewalls.  I am curious about
whether there are any implementations for a host.

There can't be implementations for hosts because this spec uses an
ICMPv6 type/code that is to be assigned by IANA upong approval of this
document.

That aside, I don't follow your reasoning. If you think the code
required for this spec is complex, take a look at e.g. the TCP code.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont(_at_)si6networks(_dot_)com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




<Prev in Thread] Current Thread [Next in Thread>