ietf

Re: Last Call: <draft-ietf-6man-rfc4291bis-07.txt> (IP Version 6 Addressing Architecture) to Internet Standard

2017-02-23 21:06:17


On Feb 22, 2017, at 10:56 AM, Lorenzo Colitti <lorenzo(_at_)google(_dot_)com> 
wrote:

> RFC6583-style attacks (of which the class addressed by RFC6164 is a subset)
> are low payoff and pretty easy to mitigate using very small changes to ND
> implementations

The duration of time it takes to roll out new code is measured in years in a 
backbone.  Some vendors are still missing negative-arp caching for v4 in 2017, 
so I’m having trouble treating this as a low-payoff attack.  Even when it’s not 
intended as an attack, the side-effects are well documented, and are something 
the IETF NOC team has experienced first-hand.

Not all vendors, hardware or implementations are equal, and convergence here 
takes some time.  Setting the right standard in the first place helps, and when 
doing a -bis, it’s furthermore important to incorporate the operational lessons 
learned.  If the WG decides to not listen, that’s certainly its prerogative 
but does not move the standards forward.

For me, this is just one of many things in IPv6 that requires servicing, so not 
the end of the world if this one doesn’t get fixed, but being overly 
prescriptive here is begging for trouble.

- Jared
