[e2e] It's all my fault
David P. Reed
dpreed at reed.com
Sat May 12 11:40:58 PDT 2007
Jari - Implementors who remove or disable source routing are (in my
opinion, of course) taking matters into their own hands on the basis of
a misguided theory that source routing *causes* denial of service.
Source routing is a standard, and was not included in the standard as a
"mistake" (either in IPv4 or in IPv6). It was included as a useful
tool. It was intended that end users would be able to use it. Blocking
end users from using it is vigilante action.
That would be appropriate if source routing were a bad idea. It is
not. It is a tool, which can be misused. Removing screwdrivers from
the workbench because they can be used to stab people through the eye is
the same sort of logic.
There is a rather nice analysis of the utility of source routing that
Jerry Saltzer and I wrote many years ago. We did not invent the idea -
Dave Farber used it prior to that. And source routing is a well
understood routing technique taught in the literature.
Regarding Bush's point about "amelioration" of source routing's
effects. Source routing does not have effects. Denial of service
attacks have effects. I am happy to talk about amelioration of denial
of service attacks.
Regarding Paul Vixie - I rarely speak out against people, mostly going
after their ideas. But Vixie has a track record. He is one of the
inventors, apologists, and promoters of aggressive spam blackhole lists:
holding non-offenders by the thousands accountable for the actions of a
few spammers. I and many others have been held hostage by having our
email blocked by his "blackhole vigilantes". He has never apologized
for it. I personally think he could be sued for millions of dollars of
lost work and aggravation.
Your mileage may vary.
Jari Arkko wrote:
> Randy, David,
>> it would be considerably more helpful if, instead of ad homina and
>> vituperation, you actually spoke to the rh0 security issues and possible
>> approaches to mitigation as a technical and engineering problem.
> Implementors have largely already done the right thing
> already earlier or else released patches in recent weeks.
> We are also dealing with the removal/disable of RH0 in the
> IPv6 WG list discussion. Other parts of the protocol stack
> that needed something like routing header have already
> years ago been designed to do something safe instead of
> My advice: if you have something to say about the way
> which we should disable RH0, go to the IPv6 list. Or if
> you can, apply a patch in your company's products or
> networks. Or apply your energy in figuring out what
> other vulnerabilities we have in our stacks; there's
> plenty of work in this space...
More information about the end2end-interest