v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]

Matthew Kaufman matthew at eeph.com
Fri Feb 6 09:17:55 CST 2009


This is straying from operational to protocol design and implementation, 
but as someone who has done a fair bit of both design and implementation...

Iljitsch van Beijnum wrote:
> The problem is that DHCP seemed like a good idea at the time but it 
> doesn't make any sense today. We know that parsing complex binary data 
> formats is asking for security problems...

Excuse me? This sounds like you've been hanging out with the SIP people 
for too long. The complexity of having a computer parse something like 
XML, or much worse, RFC822-style headers with complex rules about 
optional and mandatory options, a la SIP is *far* beyond what is 
required to parse things like DNS replies or even ASN.1. And *much* 
harder to generate strong proofs of correctness for.

Just because it is easier to read without a decoder library installed in 
your sniffer doesn't mean it is "more secure" to parse and process.

(Simple examples: binary tag/length/value formats allow immediate 
checking of the length to see if it is within bounds and to allocate the 
appropriate data structure size beforehand. With XML there's no way to 
know how long or deep a structure is until you've parsed the whole 
thing, just like with RFC822-style headers there's no way to know how 
long a line will be or whether or not there will be continuation lines 
for that tag until you've reached the next header. Which is more 
difficult to check for proper defense against buffer overrun attacks?)

Matthew Kaufman
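
The length check described in the message above, as an added example that is not part of the original post: a C walker for a DHCP-style option list (one-byte tag, one-byte length, value; pad and end tags as in RFC 2132). The function name, result codes and sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OPT_PAD 0    /* single byte, no length field (RFC 2132) */
#define OPT_END 255  /* single byte, terminates the option list */

/* Result codes for find_option (names are this example's own). */
enum { OPT_OK = 0, OPT_NOT_FOUND = -1, OPT_TRUNCATED = -2, OPT_TOO_BIG = -3 };

/*
 * Walk a tag/length/value option list and copy the value of `want` into out.
 * Every length is checked against the bytes remaining before the value is
 * touched, and against the caller's buffer before anything is copied.
 */
int find_option(const uint8_t *buf, size_t buflen, uint8_t want,
                uint8_t *out, size_t outcap, size_t *outlen)
{
    size_t i = 0;
    while (i < buflen) {
        uint8_t tag = buf[i++];
        if (tag == OPT_PAD) continue;
        if (tag == OPT_END) return OPT_NOT_FOUND;
        if (i >= buflen) return OPT_TRUNCATED;        /* no length byte */
        size_t len = buf[i++];
        if (len > buflen - i) return OPT_TRUNCATED;   /* value overruns input */
        if (tag == want) {
            if (len > outcap) return OPT_TOO_BIG;     /* would overrun output */
            memcpy(out, buf + i, len);
            *outlen = len;
            return OPT_OK;
        }
        i += len;                                     /* skip without parsing */
    }
    return OPT_NOT_FOUND;
}

/* Constructed sample inputs: a well-formed list and one that lies about length. */
static const uint8_t good_opts[] = { 0, 53, 1, 5, 51, 4, 0, 1, 81, 128, 255 };
static const uint8_t bad_opts[]  = { 53, 1, 5, 51, 200, 0, 1 };

int main(void)
{
    uint8_t v[8]; size_t n = 0;
    int a = find_option(good_opts, sizeof good_opts, 51, v, sizeof v, &n);
    int b = find_option(bad_opts, sizeof bad_opts, 51, v, sizeof v, &n);
    return (a == OPT_OK && b == OPT_TRUNCATED) ? 0 : 1;
}
```

The oversized length in `bad_opts` is rejected after reading two bytes of that option, before any value byte is read or copied.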