[ipv6-wg] More on IPv6 RA-Guard evasion (IPv6 security)
- Previous message (by thread): [ipv6-wg] More on IPv6 RA-Guard evasion (IPv6 security)
- Next message (by thread): [ipv6-wg] The DFZ and supernetting
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Fernando Gont
fgont at si6networks.com
Tue Sep 6 03:23:17 CEST 2011
Hi, Gunter, On 09/05/2011 05:12 AM, Gunter Van de Velde (gvandeve) wrote: > I gave you my feedback and some advice during the IETF in Quebec in a > 1-2-1 email. > My hopes are that you integrate the feedback. Yes. I'll revise the I-D as proposed. > The draft RA-Guard is correct and needs no fixing. Do you mean the RA-Guard RFC, or my RA-Guard evasion I-D? > I agree that my security section in the RA-Guard RFC > is a bit light on content. However the main thing is that > implementations for RA-Guard use traditional ACLs for achieving the goal > and then ofcours these implementations can be bypassed with well known > and documented ACL's bypass techniques. My I-D is not meant to trash any others' work -- sorry if it came across like that. (the next version of the I-D will be revised as you had suggested off-list) That said (and aside of the project of pursuing this work), I do think that RA-Guard skips important considerations that should be taken into account to implement the "RA-Guard concept" in a real device -- which IMHO are core to the mechanism, rather than just a security consideration. > You can keep rambling the kettle here, Not sure what this expression means (English as second language here) -- anyway I was just asking for feedback. > but keep the above in mind if you desire to proceed with this work. As noted, I'll do. Thanks, -- Fernando Gont SI6 Networks e-mail: fgont at si6networks.com web: http://www.si6networks.com | Twitter: @SI6Networks
- Previous message (by thread): [ipv6-wg] More on IPv6 RA-Guard evasion (IPv6 security)
- Next message (by thread): [ipv6-wg] The DFZ and supernetting
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]