IETF Logo Mail Archive

Re: [Gen-art] Lars Eggert's Discuss on draft-ietf-6lowpan-hc-13: (with DISCUSS)

"Dan Wing" <dwing@cisco.com> Wed, 19 January 2011 15:52 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: gen-art@core3.amsl.com
Delivered-To: gen-art@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8D2143A7010; Wed, 19 Jan 2011 07:52:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JZs-sh2j109p; Wed, 19 Jan 2011 07:52:35 -0800 (PST)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id 657D83A701D; Wed, 19 Jan 2011 07:52:35 -0800 (PST)
Authentication-Results: rtp-iport-1.cisco.com; dkim=neutral (message not signed) header.i=none
Received: from rtp-core-1.cisco.com ([64.102.124.12]) by rtp-iport-1.cisco.com with ESMTP; 19 Jan 2011 15:55:15 +0000
Received: from dwingWS ([10.32.240.195]) by rtp-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id p0JFtAqO026509; Wed, 19 Jan 2011 15:55:10 GMT
From: Dan Wing <dwing@cisco.com>
To: "'Pascal Thubert (pthubert)'" <pthubert@cisco.com>, 'Lars Eggert' <lars.eggert@nokia.com>
References: <20110118075713.11900.28767.idtracker@localhost> <6A2A459175DABE4BB11DE2026AA50A5D03A47A88@XMB-AMS-107.cisco.com> <5E4CC27C-9BCA-47B5-97F0-0BCF6AE751F9@nokia.com> <6A2A459175DABE4BB11DE2026AA50A5D03A47C1F@XMB-AMS-107.cisco.com>
In-Reply-To: <6A2A459175DABE4BB11DE2026AA50A5D03A47C1F@XMB-AMS-107.cisco.com>
Date: Wed, 19 Jan 2011 07:55:10 -0800
Message-ID: <02e001cbb7f1$40f090e0$c2d1b2a0$@com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Acu3r55cD5s/S377S7aiJvc6le1W7QACz3TQAA13PFA=
Content-Language: en-us
Cc: gen-art@ietf.org, draft-ietf-6lowpan-hc@tools.ietf.org, 6lowpan-chairs@tools.ietf.org, 'The IESG' <iesg@ietf.org>
Subject: Re: [Gen-art] Lars Eggert's Discuss on draft-ietf-6lowpan-hc-13: (with DISCUSS)
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jan 2011 15:52:36 -0000

> -----Original Message-----
> From: Pascal Thubert (pthubert) [mailto:pthubert@cisco.com]
> Sent: Wednesday, January 19, 2011 1:36 AM
> To: Lars Eggert; Dan Wing (dwing)
> Cc: The IESG; david.black@emc.com; gen-art@ietf.org; 6lowpan-
> chairs@tools.ietf.org; draft-ietf-6lowpan-hc@tools.ietf.org
> Subject: RE: Lars Eggert's Discuss on draft-ietf-6lowpan-hc-13: (with
> DISCUSS)
> 
> Hi Lars,
> 
> >
> > On 2011-1-18, at 20:41, Pascal Thubert (pthubert) wrote:
> > > I'm still unhappy since the text allows a middle point to
> recomputed
> the
> > checksum which then might be delivered erroneously to the wrong IP or
> > port.
> > > This was done to ensure that a packet that flows on the Internet
> would
> > 'look right' to middle boxes and end points.
> >
> > right. This is very much related to the ongoing discussion in BEHAVE
> about
> > how IPv4/IPv6 translator boxes should treat IPv4 packets that come in
> with
> > UDP checksum zero. If they calculate a UDP checksum for the outgoing
> UDP
> > packet, they might "upgrade" that packet to a level of assurance that
> the
> > original didn't have.
> >
> [Pascal] I'll copy Dan, and forward the previous mail unicast.
> 
> > I'm not sure what the current thinking in BEHAVE is, but it would
> make
> sense
> > for this ID to follow their thinking.

Because 6MAN had not finished deciding exactly what it wanted to do
regarding zero checksums in UDP, we sidestepped the issue as much
as we could.

BEHAVE allows a configuration option to (a) drop an IPv4 UDP packet 
without a checksum, or (b) have the translator calculate the checksum:

http://tools.ietf.org/html/draft-ietf-behave-v6v4-xlate-23#section-4.5

That document has finished IESG review.

-d


> > > It  is probably OK for most 802.15.4 cases since L2 security is
> almost always
> > on and protects the frames a lot better than 2 octets of checksum.
> >
> > Against transmission corruption, but not necessarily against
> corruption during
> > on-node processing during forwarding; think faulty RAM (yes, rare.)
> 
> [Pascal] Well:
> 
> 1) 2 bytes checksum is not exactly a great protection anyway. When I
> was
> younger, I've had a sad experience on a SNA MLTG that would hang
> because
> of the 2 bytes CRC of SDLC. 65535 out of 65536 errors would be caught.
> Even on T1 lines, that proved insufficient.
> 
> 2) The memory error can also happen in the transmitter before checksum
> or on the receiver application.
> 
> > > But if there's no security at work, it would probably be better to
> let the
> > packet go with a zero checksum and add some text on authorizing that
> an
> > arbitrary end point.
> >
> > You mean let an IPv6 UDP packet go with a zero checksum? That's at
> the
> > moment not allowed by RFC2460. The 6MAN WG is discussing just this
> topic.
> 
> [Pascal] Exactly. Without that 6MAN work, we had to reform a normal UDP
> packet, thus the current text.
> But now, with the 6MAN work (on tunnels mostly as it goes), there might
> be an opening.
> How would you suggest we move forward?
> 
> >
> > Lars

v2.23.0 | Report a Bug | By Email