Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard

Fernando Gont <fgont@si6networks.com> Thu, 02 February 2017 09:15 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E270129648; Thu, 2 Feb 2017 01:15:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NXgrEni1btb9; Thu, 2 Feb 2017 01:15:29 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 121B512963C; Thu, 2 Feb 2017 01:15:26 -0800 (PST)
Received: from [IPv6:2001:1291:200:42e::2] (cl-1071.udi-01.br.sixxs.net [IPv6:2001:1291:200:42e::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id EED1783629; Thu, 2 Feb 2017 10:15:18 +0100 (CET)
Subject: Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard
To: ietf@ietf.org
References: <148599296506.18647.12389618334616420462.idtracker@ietfa.amsl.com>
From: Fernando Gont <fgont@si6networks.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <30725d25-9829-bf50-23c6-9e1b757e5cba@si6networks.com>
Date: Thu, 02 Feb 2017 06:14:46 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <148599296506.18647.12389618334616420462.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/ZCb-vxQ6AsjveevcXAA_jdTtjSY>
Cc: draft-ietf-6man-rfc2460bis@tools.ietf.org, ipv6@ietf.org, 6man-chairs@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2017 09:15:31 -0000

Folks,

Some comments:


*  Section 4.8 ("Defining New Extension Headers and Options")

Specification of new EHs would bring problems. And, for instance,
recommending a specific format for new EHs does not really help.

A key problem with the Uniform Format for IPv6 Extension Headers
described in this section (originally specified in RFC6564) lies in that
both IPv6 Extension Headers and Transport Protocols share the same "Next
Header" registry/namespace.  Thus, given an "unknown Next Header value",
it is impossible to tell whether the aforementioned value refers to an
IPv6 Extension Header that employs the aforementioned uniform format, or
an "unknown" upper-layer protocol (e.g. an "unknown" transport
protocol).  That is, while this document (and RFC6564) specifies the
syntax for a Uniform Format for IPv6 Extension Headers, it does not
provide a mechanism for a node to identify whether the aforementioned
format is being employed in the first place.

The current impossibility to parse an IPv6 header chain that includes
unknown Next Header values results in concrete implications for the
extensibility of the IPv6 protocol, and the deployability of new
transport protocols.  Namely,

 o  New IPv6 extension headers cannot be incrementally deployed.

 o  New transport protocols cannot be incrementally deployed.


We've elaborated on this topic in draft-gont-6man-rfc6564bis. One
possible way to address this problem is simply to ban the specification
of new EHs. Another is to d something along the lines of
draft-gont-6man-rfc6564bis. However, the current text seems misleading
-- for instance as is, it doesn't buy much to have a "unified format"
for new EHs, since you don't really know how to parse that EH in the
first place.


* Section 3:

Regarding the "version" field, it might be useful to note that it should
be checked that, upon receipt of a packet, it is actually 6. It
shouldn't matter, but in practice, it might. Please see:
<http://blog.si6networks.com/2016/02/quiz-weird-ipv6-traffic-on-local-network.html>
for a real-world scenario.


* Security Considerations section

I think the security considerations section should be augmented.

For example, the Extension Headers have been known to be useful for the
evasion of security controls. While in theory this need not be the case,
in practice it is.


* Appendix B ("CHANGES SINCE RFC2460")

I think this section should summarize the changes since RFC2460 but
*not* on a "per I-D version basis". That is, "as is", it is hard to
figure out what has changed since RFC2460.

Thanks!

Best regards,
Fernando




On 02/01/2017 08:49 PM, The IESG wrote:
> 
> The IESG has received a request from the IPv6 Maintenance WG (6man) to
> consider the following document:
> - 'Internet Protocol, Version 6 (IPv6) Specification'
>   <draft-ietf-6man-rfc2460bis-08.txt> as Internet Standard
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2017-03-01. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
> 
> Abstract
> 
> 
>    This document specifies version 6 of the Internet Protocol (IPv6).
>    It obsoletes RFC2460
> 
> 
> 
> 
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-6man-rfc2460bis/
> 
> IESG discussion can be tracked via
> https://datatracker.ietf.org/doc/draft-ietf-6man-rfc2460bis/ballot/
> 
> 
> No IPR declarations have been submitted directly on this I-D.
> 
> 
> The document contains these normative downward references.
> See RFC 3967 for additional information: 
>     rfc4443: Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification (Draft Standard - IETF stream)
>     rfc3168: The Addition of Explicit Congestion Notification (ECN) to IP (Proposed Standard - IETF stream)
> Note that some of these references may already be listed in the acceptable Downref Registry.
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> 


-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492