Re: draft-ietf-v6ops-icmpv6-filtering-recs to informational
Let's see. How long have you had to review this, and when did the
WGLC close? Remind me?
There will not be an IETF Last Call, as this is an informational
document. If there were, I would encourage you to make the comment in
response to the IETF last call. If the ADs send the document back for
a new I-D for some reason, I will expect the authors to respond to
this. I'm not going to hold it up for this, though. The document
makes rather a point that there is significant value to ICMP
filtering, so I can't imagine the comment really being interpreted as
a reason to not filter.
On Jun 13, 2006, at 3:20 PM, Iljitsch van Beijnum wrote:

> On 13-jun-2006, at 21:52, Fred Baker wrote:
>
>> The real value in this document, besides suggesting appropriate
>> firewall configurations, is in the lines of reasoning presented
>> for the configuration elements. For example, a router solicitation
>> by definition travels from a host seeking a first hop router to a
>> system that it is directly connected to at a lower layer such as a
>> wired or wireless Ethernet. The document recommends that this
>> class of message never be forwarded, and one in fact hopes that
>> not only would it not be forwarded, but that the originator would
>> set TTL=1 to prevent the occurrence even if the router were
>
>    6.1.1. Validation of Router Solicitation Messages
>
>    Hosts MUST silently discard any received Router Solicitation
>    A router MUST silently discard any received Router Solicitation
>    messages that do not satisfy all of the following validity checks:
>
>    - The IP Hop Limit field has a value of 255, i.e., the packet
>      could not possibly have been forwarded by a router.
>
> Although the document mentions using the hop limit at 255 as a
> security feature, I think this could be more prominent, as it may
> give people a reason to forego some or even all ICMPv6 filtering.
>
>> As such, the document collects a fair bit of wisdom from which the
>> unschooled can learn.
>
> You're making me bite my tongue here, Fred...
>
>> 1.b) Has the document had adequate review from both key WG
>> and key non-WG members? Do you have any concerns about the
>> depth or breadth of the reviews that have been performed?
>>
>> This document has been through working group review since its
>> introduction about a year ago. This version responds to comments
>> presented during working group last call in May 2006. I believe
>> that it has had adequate review.
>
> Please have the use of "hop count" changed to "hop limit" in the
> document to reflect the actual name of the field.
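The hop-limit rule quoted from RFC 2461 section 6.1.1 above, and Iljitsch's point that a hop limit of 255 is itself a security feature, can be exercised in code. The following Python is an added example written for this archive page; it is not code from the thread, from the draft, or from the RFC. It constructs IPv6 Router Solicitation packets (link-local source fe80::1 to the all-routers group ff02::2, with a made-up link-layer address) and runs them through a validator that implements the section 6.1.1 checks. It goes a little beyond the page: the thread quotes only the first check, while the validator also applies the remaining checks from that same section (ICMP checksum, code 0, minimum length, non-zero option lengths, and no source link-layer address option when the source is unspecified). The builder, the validator, the packet names and the sample addresses are all assumptions of this example.

```python
import struct
import ipaddress

# Constants from RFC 2461 (Neighbor Discovery). The validity rules below are
# the section 6.1.1 checks for Router Solicitations; the thread quotes the first.
ICMPV6_NEXT_HEADER = 58
ICMPV6_ROUTER_SOLICITATION = 133
OPT_SOURCE_LINK_LAYER_ADDR = 1
UNSPECIFIED = bytes(16)


def icmpv6_checksum(src, dst, icmp):
    """One's-complement checksum over the IPv6 pseudo-header plus ICMPv6 body."""
    pseudo = (src + dst + struct.pack("!I", len(icmp))
              + b"\x00\x00\x00" + bytes([ICMPV6_NEXT_HEADER]))
    data = pseudo + icmp
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_router_solicitation(src, dst, hop_limit, link_layer_addr=None):
    """Constructed IPv6 + ICMPv6 Router Solicitation, used only as test input."""
    options = b""
    if link_layer_addr is not None:
        # Option type 1, length 1 (= 8 octets including the 2-byte option header)
        options = bytes([OPT_SOURCE_LINK_LAYER_ADDR, 1]) + link_layer_addr
    icmp = struct.pack("!BBH4s", ICMPV6_ROUTER_SOLICITATION, 0, 0, bytes(4)) + options
    csum = icmpv6_checksum(src, dst, icmp)
    icmp = icmp[:2] + struct.pack("!H", csum) + icmp[4:]
    ipv6 = struct.pack("!IHBB16s16s", 0x60000000, len(icmp),
                       ICMPV6_NEXT_HEADER, hop_limit, src, dst)
    return ipv6 + icmp


def validate_router_solicitation(packet):
    """Apply the RFC 2461 section 6.1.1 checks; return (ok, reason)."""
    if len(packet) < 40:
        return False, "truncated IPv6 header"
    _, payload_len, next_header, hop_limit, src, dst = struct.unpack(
        "!IHBB16s16s", packet[:40])
    if next_header != ICMPV6_NEXT_HEADER:
        return False, "not ICMPv6"
    icmp = packet[40:40 + payload_len]
    if len(icmp) != payload_len or len(icmp) < 8:
        return False, "ICMP length must be at least 8 octets"
    if icmp[0] != ICMPV6_ROUTER_SOLICITATION:
        return False, "not a Router Solicitation"
    # The check the thread discusses: a hop limit below 255 proves the packet
    # crossed a router, so it cannot be a legitimate on-link solicitation.
    if hop_limit != 255:
        return False, "hop limit != 255 (packet could have been forwarded)"
    expected = icmpv6_checksum(src, dst, icmp[:2] + bytes(2) + icmp[4:])
    if struct.unpack("!H", icmp[2:4])[0] != expected:
        return False, "bad ICMPv6 checksum"
    if icmp[1] != 0:
        return False, "ICMP code != 0"
    offset, has_sllao = 8, False
    while offset < len(icmp):
        if offset + 2 > len(icmp):
            return False, "truncated option header"
        opt_type, opt_len = icmp[offset], icmp[offset + 1]
        if opt_len == 0:
            return False, "option with zero length"
        if offset + opt_len * 8 > len(icmp):
            return False, "option runs past end of message"
        has_sllao = has_sllao or opt_type == OPT_SOURCE_LINK_LAYER_ADDR
        offset += opt_len * 8
    if src == UNSPECIFIED and has_sllao:
        return False, "unspecified source with source link-layer address option"
    return True, "valid"


# Constructed sample input: fe80::1 -> ff02::2 (all-routers), made-up MAC address.
SRC = ipaddress.IPv6Address("fe80::1").packed
DST = ipaddress.IPv6Address("ff02::2").packed
MAC = bytes.fromhex("020000000001")


def run_samples():
    """Run the validator over constructed good and bad Router Solicitations."""
    good = build_router_solicitation(SRC, DST, 255, MAC)
    forwarded = build_router_solicitation(SRC, DST, 254, MAC)
    unspec = build_router_solicitation(UNSPECIFIED, DST, 255, MAC)
    corrupt = good[:-1] + bytes([good[-1] ^ 0xFF])
    return {name: validate_router_solicitation(pkt)
            for name, pkt in [("good", good), ("forwarded", forwarded),
                              ("unspecified_with_sllao", unspec),
                              ("corrupt", corrupt)]}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:24s} {result}")
```

The "forwarded" sample has a hop limit of 254, exactly what a Router Solicitation looks like after one router hop, and it is rejected before any other check runs. This is the reason the hop-limit rule carries weight on its own: a conforming receiver discards off-link solicitations whether or not a firewall in the path filters ICMPv6 type 133.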