Re: Comments on draft-lindem-ospfv3-dest-filter-01.txt
I would go for informational. That is just my opinion,
of course.
Posting it to rpsec definitely is a good idea.
Regards
Mukesh
> -----Original Message-----
> From: Mailing List [mailto:OSPF at PEACH.EASE.LSOFT.COM]On Behalf Of ext
> Acee Lindem
> Sent: Thursday, May 13, 2004 1:20 PM
> To: OSPF at PEACH.EASE.LSOFT.COM
> Subject: Re: Comments on draft-lindem-ospfv3-dest-filter-01.txt
>
>
> Hi Mukesh,
> I guess I'd put the question of status to the WG and it
> depends on how useful everyone thinks it is. I'm also
> going to post it to the RPSEC WG since I believe they've
> accepted the OSPF Vulnerabilities draft.
>
> Thanks,
> Acee
>
> ----- Original Message -----
> From: <Mukesh.Gupta at NOKIA.COM>
> To: <OSPF at PEACH.EASE.LSOFT.COM>
> Sent: Wednesday, May 12, 2004 1:09 PM
> Subject: Re: Comments on draft-lindem-ospfv3-dest-filter-01.txt
>
>
> Hi Acee,
>
> > It's true the same could be accomplished with one or more
> > ACL(s). However, if the same approach is taken for every
> > protocol/service one could end up having to configure and maintain
> > quite an extensive administrative ACL (i.e., an ACL applied to packets
> > to be delivered locally as opposed to all packets received on
> > an interface).
> > One thing that started us thinking about the problem and the
> > elegance of simply rejecting all packets without a link-local
> > destination was the OSPF vulnerabilities work going on in the RPSEC
> > group. With that work in mind, it seemed natural to have a single
> > mechanism built into OSPFv3. One could use a knob (so you'd know
> > whether or not virtual link could be configured) or simply always
> > have the check in force when no virtual links are configured at the
> > level of application. Finally, dependent on the implementation and
> > where/how the ACL(s) is/are applied this solution could be cheaper
> > and simpler (I know I've opened myself up to all of those who are
> > going to tell me how well they've implemented their ACLs ;^).
>
> Sounds reasonable to me. I don't see any harm in publishing
> this document. What is the status that this document is
> seeking? Informational or BCP?
>
> Regards
> Mukesh
>
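
Added example, not part of the thread or of the draft: a sketch of the destination check discussed above, dropping OSPFv3 packets whose destination is not link-local whenever no virtual links are configured. The function names, the packet dictionaries and the choice to treat link-scope multicast (ff02::/16, which contains AllSPFRouters ff02::5 and AllDRouters ff02::6) as a link-local destination are assumptions made for illustration.

```python
import ipaddress

# Assumption: "link-local destination" means link-local unicast or
# link-scope multicast (the latter covers ff02::5 and ff02::6).
LINK_LOCAL_UNICAST = ipaddress.IPv6Network("fe80::/10")
LINK_SCOPE_MULTICAST = ipaddress.IPv6Network("ff02::/16")


def destination_allowed(dst, virtual_links_configured=False):
    """Return True if an OSPFv3 packet to `dst` passes the destination check."""
    addr = ipaddress.IPv6Address(dst)
    if addr in LINK_LOCAL_UNICAST or addr in LINK_SCOPE_MULTICAST:
        return True
    # Virtual links exchange packets between non-link-local addresses,
    # so the check is only in force when none are configured.
    return virtual_links_configured


def filter_ospfv3(packets, virtual_links_configured=False):
    """Split packets into (accepted, dropped) lists by destination address."""
    accepted, dropped = [], []
    for pkt in packets:
        if destination_allowed(pkt["dst"], virtual_links_configured):
            accepted.append(pkt)
        else:
            dropped.append(pkt)
    return accepted, dropped


# Constructed sample input (documentation prefix 2001:db8::/32), not captured traffic.
SAMPLE_PACKETS = [
    {"src": "fe80::1", "dst": "ff02::5", "type": "Hello"},
    {"src": "fe80::1", "dst": "fe80::2", "type": "Database Description"},
    {"src": "2001:db8:ffff::66", "dst": "2001:db8:1::1", "type": "Hello"},
    {"src": "2001:db8:ffff::66", "dst": "ff05::5", "type": "Link State Update"},
]

if __name__ == "__main__":
    accepted, dropped = filter_ospfv3(SAMPLE_PACKETS)
    for pkt in dropped:
        print("dropped:", pkt["type"], "from", pkt["src"], "to", pkt["dst"])
```
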