Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard

Joe Touch <touch@isi.edu> Tue, 07 February 2017 19:31 UTC

Return-Path: <touch@isi.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21395129E50; Tue, 7 Feb 2017 11:31:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jhz67DDJejaf; Tue, 7 Feb 2017 11:31:22 -0800 (PST)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 745C9129E47; Tue, 7 Feb 2017 11:31:22 -0800 (PST)
Received: from [128.9.184.104] ([128.9.184.104]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id v17JV2E2006947 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 7 Feb 2017 11:31:03 -0800 (PST)
Subject: Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard
To: "tom p." <daedulus@btconnect.com>, otroan@employees.org, Pete Resnick <presnick@qti.qualcomm.com>
References: <D2D907D5-84B4-43BB-9103-F87DA9F122EB@employees.org> <01c901d27ee6$754994a0$4001a8c0@gateway.2wire.net>
From: Joe Touch <touch@isi.edu>
Message-ID: <49e46b3e-1f23-4465-2528-4057da21cead@isi.edu>
Date: Tue, 7 Feb 2017 11:31:03 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <01c901d27ee6$754994a0$4001a8c0@gateway.2wire.net>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/ER116Fx4L8ikTP2F7m3P0p6aoYc>
Cc: draft-ietf-6man-rfc2460bis@tools.ietf.org, ietf@ietf.org, Stefano Previdi <sprevidi@cisco.com>, 6man-chairs@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2017 19:31:24 -0000

Hi, all,

I suppose I'm in the group below.

IMO:

    - the IPv6 base header and HBH EHs are the only ones that
intermediate nodes should even *look* at

    - everything else should be prohibited

    - there's little point in talking about middlebox behavior at all
until we have compliance verification in place

One other observation:

    - frag processing doesn't say what to do with an exact overlap that
isn't a exact duplicate (e.g., when the content differs). AFAICT, that
should be treated the same as an overlapping fragment - i.e., only
*exact* duplicates should be (optional, as already noted) silent
discards (but this does then create a potential DOS vector because of
the additional processing for dup frags - and that should be noted).

AFAICT, the only way a "middlebox" can legitimately get away doing more
than above is when it can claim it is doing so on behalf of an endpoint,
i.e., to claim that the endpoint services are distributed upstream. IMO,
that argument is OK for devices under the same control as the endpoint,
but not otherwise. However, that's all just a philosophical argument
without compliance verification anyway.

Joe

On 2/4/2017 4:48 AM, tom p. wrote:
> I do not know how to make it happen but I would like to see considered
> opinions on this rather important issue from those I see active on lists
> such as tcpm, arch-d and intarea whom I do not see active on v6(ops).
>
> Tom Petch
>
>
> ----- Original Message -----
> From: <otroan@employees.org>
> To: "Pete Resnick" <presnick@qti.qualcomm.com>
> Cc: "tom p." <daedulus@btconnect.com>om>; <6man-chairs@ietf.org>rg>;
> <draft-ietf-6man-rfc2460bis@tools.ietf.org>rg>; "Stefano Previdi"
> <sprevidi@cisco.com>om>; <ietf@ietf.org>
> Sent: Saturday, February 04, 2017 8:32 AM
> Subject: Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet
> Protocol, Version 6 (IPv6) Specification) to Internet Standard
>
>
> Thank you Pete! You are of course right.
>
> Let me try to provide some background of the issue.
>
> The contentious text is the following paragraph from 2460:
>
>   With one exception, extension headers are not examined or processed
>   by any node along a packet's delivery path, until the packet reaches
>   the node (or each of the set of nodes, in the case of multicast)
>   identified in the Destination Address field of the IPv6 header.
>
> Essentially the question is:
> - Does the IPv6 architecture permit insertion of extension headers
> and/or header options by a node along the packet's delivery path?
>
> This question came up triggered by discussions around some recent
> proposals:
> - draft-ietf-conex-destopt,
> - RFC4782 (does header deletion)
> - draft-ietf-6man-segment-routing-header
> - draft-brockners-inband-oam-transport
>
> The IP architecture (IPv4 and IPv6) supports _modifying_ IP options in
> flight, but it is unclear if it could permit changing the IP datagram's
> size.
> Increasing a packets size in flight would break PMTUD (RFC1981), AH, and
> might results in other ICMP error messages being sent to an unsuspecting
> source.
>
> There were three main positions argued in the working group.
>
> 1) Ban header insertion outright.
> 2) Describe the problems with header insertion.
> 3) No changes to RFC2460 text.
>
> Permitting header insertion in the sense of specifying how header
> insertion could possibly work is of course outside the scope of
> advancing RFC2460.
>
> The chairs tried various approaches to find a consensus without luck.
> The approach finally chosen was a poll between the three options. And
> the (rough) consensus was based on the data from the poll.
>
> Excerpt from the shepherds writeup:
>
> A working group last call for moving this and the other two documents to
> Internet Standard was started on 30 May 2016. Reviews were also
> requested. Issues found during the last call and reviews were entered
> into the 6MAN ticket system. These are now closed. The biggest issue
> raised was how to handle the issue of Extension Header insertion in this
> document. After many discussion on the mailing list and face to face
> meeting, there wasn’t a clear consensus. The chairs conducted an online
> survey that provided three choices: Ban header insertion, describe the
> problems with header insertion, or say nothing. The result of the survey
> was to describe the solution. The results and methodology used to
> evaluate the results can be seen at:
> https://mailarchive.ietf.org/arch/msg/ipv6/_gG2foiugk5B7w3TpnPvBbjHDzs
> This was discussed at the 6MAN session at IETF97 and on the mailing list
> after the meeting. The chairs believe there is a consensus to go forward
> with the text that is in draft-ietf-6man-rfc2460bis-08.
>
> The summary given to the working group calling for the poll:
> https://mailarchive.ietf.org/arch/msg/ipv6/AtY92TpJ3vvmiidzcPkJdXKZQIA/?
> qid=84de5e109c8f8f255d03c4c98ff3e50c
>
> Best regards,
> Ole, 6man co-chair
>