Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard

otroan@employees.org Tue, 14 February 2017 18:59 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F36721294C2 for <ietf@ietfa.amsl.com>; Tue, 14 Feb 2017 10:59:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=employees.org; domainkeys=pass (1024-bit key) header.from=otroan@employees.org header.d=employees.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C-d3dj9R7dpe for <ietf@ietfa.amsl.com>; Tue, 14 Feb 2017 10:59:44 -0800 (PST)
Received: from esa01.kjsl.com (esa01.kjsl.com [IPv6:2607:7c80:54:3::87]) by ietfa.amsl.com (Postfix) with ESMTP id EBCC2129739 for <ietf@ietf.org>; Tue, 14 Feb 2017 10:59:43 -0800 (PST)
Received: from cowbell.employees.org ([198.137.202.74]) by esa01.kjsl.com with ESMTP; 14 Feb 2017 18:59:43 +0000
Received: from cowbell.employees.org (localhost [127.0.0.1]) by cowbell.employees.org (Postfix) with ESMTP id 9BC6BD788A; Tue, 14 Feb 2017 10:59:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=employees.org; h=from :message-id:content-type:mime-version:subject:date:in-reply-to :cc:to:references; s=selector1; bh=YkVufYEEk23ImnRC0oVrvTFRi5Y=; b= sX99y3UJqgr2MdNIiXS9oEBiX+nlKuoE565us0x5opCEa4VuYU0ejbL5rLnXi1MJ 2fGfoVH/exulkSDDB752Dy8JmfmuUwBXjVBMnVK2DlX4FHIimjILNdBH8bxkWttd Q9h4JAgaM41ZXHQVoo0lArfrEXuRUxOCr9/GLILQlR4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=employees.org; h=from :message-id:content-type:mime-version:subject:date:in-reply-to :cc:to:references; q=dns; s=selector1; b=i2fk2nGL9i1qfWWWuKKrSnZ /U4NbKZequUWIT+kCIFYVKirnxJEWY46d6aEv6kRiPNFYpvXNYgC2Chq3Xc6Gedr vHvwa361xwiAFsJmTH+wAD1b8w2Wi3jk22FcohVLvBM9XXE+mzC1vXu0r/6kWuAq UrCPQzb93oKZTKoxu8ak=
Received: from h.hanazo.no (96.51-175-103.customer.lyse.net [51.175.103.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: otroan) by cowbell.employees.org (Postfix) with ESMTPSA id 3EE4DD788E; Tue, 14 Feb 2017 10:59:43 -0800 (PST)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by h.hanazo.no (Postfix) with ESMTP id 388148ADFA4F; Tue, 14 Feb 2017 19:59:49 +0100 (CET)
From: otroan@employees.org
Message-Id: <523D6E9B-5504-4AA6-81B7-81B68E742E6E@employees.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_61DD03A2-BF32-430C-B198-CAC7EFDDC689"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Subject: Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard
Date: Tue, 14 Feb 2017 19:59:48 +0100
In-Reply-To: <48b1988d-2074-3e60-62ba-5943e6ec8b91@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
References: <148599296506.18647.12389618334616420462.idtracker@ietfa.amsl.com> <EA7E5B60-F136-47C6-949C-D123FB8DA70E@cisco.com> <00af01d27e11$fe539500$4001a8c0@gateway.2wire.net> <60F01869-8B32-46D3-80B1-A140DF1DDA8A@employees.org> <8D401C5B-C3C3-4378-9DFA-BF4ACC8E9DAF@qti.qualcomm.com> <D2D907D5-84B4-43BB-9103-F87DA9F122EB@employees.org> <33DC7B74-D240-4FF2-A8FF-C9C5A66809EE@qti.qualcomm.com> <1179DE45-3971-44A1-9630-28F76D2D652D@employees.org> <2ea64b3c-d69d-6b6c-cb04-fe63727a8bee@si6networks.com> <23C46409-337C-468D-BCDC-34027BB56CAD@employees.org> <30715b9e-e9b7-320e-f9e2-fc3f64615d5c@si6networks.com> <CAJE_bqcKu1XVQOPzcd+8b68WcQyjH9QmszaSvKWhT8SvHJ0ppg@mail.gmail.com> <m2y3xdpmjd.wl-randy@psg.com> <5333378B-0F8D-4966-82B2-DFF9639CEC7D@fugue.com> <3a180e40-936b-956b-9fc3-5ecdd4d905ee@gmail.com> <m2poippisc.wl-randy@psg.com> <13830253-67ab-cb26-4fa0-f40a24f1a5bc@gmail.com> <76D87C97-1ECB-4E92-8FE7-ADAF464DB8FD@employees.org> <a0aaa86f-db08-4363-f9c6-0b55ceadc3b9@gmail.com> <48b1988d-2074-3e60-62ba-5943e6ec8b91@joelhalpern.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/J8giGeofl5di7_0VfVw750ox7po>
Cc: IETF discussion list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2017 18:59:46 -0000

Joel,

> There are two separate but related issues here.  One is what behavior we want to require.  The other is whether we make the document clear.
> 
> I think choosing to leave a document going to Internet Standard ambiguous is a serious mistake, bordering on failure.  We know that the choice of permitting insertion of extension headers has interoperability implications.  There are weveral ways we can clarify the text.
> o We could say "MUST NOT" be added.  Preferably with explaantion of the problems being avoided.

Yes.

> o We could say "MUST NOT unless some other standards track RFC says it is okay" which is technically correct but confusing.

That's redundant. A new standards RFC can always be written that will override this.

> o We can say "SHOULD NOT unless ..." as long as we can write a clear description of the conditions under which it is safe.

As the 6man chair we declared that as out of scope in the context of advancing 2460 to Internet standard.

> o We can say "AMY< but note that doing so has the following risks" if that is the IETF rough consensus.

Middleboxes live in unregulated territory, there was no support (or even suggestion) in the working group for explicitly permitting header insertion.

> But leaving it ambiguous ought to be a non-starter.

Why?
Leaving it as it was, including describing what we would imagine it would break was the preferred solution in the working group.
Note that both IPv4 and IPv6 has this so-called ambiguity, that has caused no known interoperability issues and has existed for decades.

This is perceived as an ambiguity only because we as a community have accepted layer violations for so long.
This can be exemplified by discussions on maximum extension header length in IPv6. The only reason that discussion happens is because middleboxes require access to the transport header and beyond. In a purist 2460 view a router doing 5-tuple ECMP is not compliant with the specification. Clarifying that ambiguity would probably not make the operational community proud of us.

The only purpose an outright ban would achieve, would be a pre-emptive strike against potential future standardisation.

So when you think long enough about it, which choice you pick will unlikely have much consequence either way. It has no effect on implementations, it is not testable. In the context of 2460 this isn't a debate with many technical points.

Which is why the working group could not reach a consensus, and we ended up decided it with a poll. Do you prefer your bike shed red, yellow or green. You have added a couple of more colours.

> Personally, I would go with "MUST NOT", as I think that is the robust and interoperable answer.  But that is MUCH less important to me than our being unambiguous.

There is an infinite set of creative (ab)uses of 2460 that hasn't been banned. I would claim it would be impossible to write a document which would MUST NOT every potential abuse.

Best regards,
Ole