TSVART review of draft-ietf-6man-deprecate-atomfrag-generation
Joe Touch <touch@isi.edu> Fri, 26 August 2016 19:30 UTC
From: Joe Touch <touch@isi.edu>
To: 6man <ipv6@ietf.org>
Subject: TSVART review of draft-ietf-6man-deprecate-atomfrag-generation
Message-ID: <786d5c2c-a88d-7539-9604-6df0b8ed68dd@isi.edu>
Date: Fri, 26 Aug 2016 12:29:39 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/cW-M-O_ztQfL3TlgXMHOiWpV54w>
Cc: "tsv-art@ietf.org" <tsv-art@ietf.org>, draft-ietf-6man-deprecate-atomfrag-generation@ietf.org, Transport Area <tsv-area@ietf.org>, IETF discussion list <ietf@ietf.org>
Hi, all,

I've reviewed this document as part of the Transport Area Review Team's (TSVART) ongoing effort to review key IETF documents. These comments were written primarily for the transport area directors, but are copied to the document's authors for their information and to allow them to address any issues raised. When done at the time of IETF Last Call, the authors should consider this review together with any other last-call comments they receive. Please always CC tsv-art@ietf.org if you reply to or forward this review.

Please resolve these comments along with any other Last Call comments you may receive. Please wait for direction from your document shepherd or AD before posting a new version of the draft.

Document: draft-ietf-6man-deprecate-atomfrag-generation
Title: Generation of IPv6 Atomic Fragments Considered Harmful
Reviewer: J. Touch
Review Date: August 26, 2016
IETF Last Call Date: August 8, 2016

Summary: This draft is on the right track but has open issues, described in the review.

The document has no issues directly applicable to transport protocols. The impact on transports is indirect, in the ability of RFC 6145-style IPv6/IPv4 translators to support IPv6-to-IPv4 translation and deal with IPv4-side fragmentation. However, there are some important non-transport issues that are noted below.

Major issues:

The impact of this change does not appear to have been explored. Section 3 ends with a claim that links where this translation issue would be a problem are rare, but there is no evidence presented as to whether current RFC 6145 translators would be capable of complying with the changes in this doc, e.g., to be able to generate IPv4 IDs as needed. I.e., this document needs to update RFC6145 Sec 5.1 to require that IPv4 ID generation MUST be supported (and used), rather than MAY.

The document concludes that the translator should create IPv4 IDs rather than relying on atomic fragments as a source of that information (as per RFC2460) because there is no benefit, but there are two reasons why this method is directly hazardous as well:

1) RFC 2460 does not require that the IPv6 ID field is generated to ensure that the low 16-bits are unique as required for use as IPv4 IDs as defined in RFC 6145, and

2) RFC 6145 translation could result in collisions where two distinct IPv6 destinations are translated into the same IPv4 address, such that IDs that might have been generated to be unique in the IPv6 context could end up colliding when used in the translated IPv4 context.

I.e., this does not require ECMP as implied in Section 3.

Minor issues:

IMO, it remains unwise to continue to imply that networks should treat packets with fragment headers as an attack. Fragmentation support is critical to tunneling (see draft-ietf-intarea-tunnels) and we need to find ways to support their use safely. The text should be edited to explain that the primary motivation here is to avoid generating erroneous IPv4 ID fields, rather than to react to the incorrect classification of fragment headers as incompatible with the Internet.

The claim that links with IPv6 MTUs smaller than 1260 are rare needs to be supported with evidence. I appreciate that such evidence may be difficult to observe. In the absence of evidence, the statement should be more clear that there is no evidence to the contrary -- which is not the same as being able to claim that they *are* in fact rare.
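
The two ID hazards named in the review above, modeled as an added example that is not part of the original message. It assumes the translator copies the low-order 16 bits of the IPv6 Identification into the IPv4 ID; the address table (documentation prefixes), the packets, and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed translation table (assumption), documentation prefixes only.
# Two distinct IPv6 destinations map to one IPv4 address, as in hazard 2.
V6_TO_V4 = {
    "2001:db8:a::1": "192.0.2.1",        # sender
    "2001:db8:b::10": "198.51.100.10",
    "2001:db8:c::10": "198.51.100.10",
    "2001:db8:d::20": "198.51.100.20",
}

def ipv4_id(ident32):
    """Low-order 16 bits of the 32-bit IPv6 Identification value."""
    return ident32 & 0xFFFF

def ipv6_unique(packets):
    """True when no two packets share (src, dst, Identification) in IPv6."""
    keys = [(src, dst, ident) for src, dst, _, ident in packets]
    return len(keys) == len(set(keys))

def translated_collisions(packets, table=V6_TO_V4):
    """Group packets by the IPv4 (src, dst, proto, ID) tuple they translate to
    and return only the groups that hold more than one IPv6 packet."""
    groups = defaultdict(list)
    for src6, dst6, proto, ident32 in packets:
        key = (table[src6], table[dst6], proto, ipv4_id(ident32))
        groups[key].append((src6, dst6, ident32))
    return {k: v for k, v in groups.items() if len(v) > 1}

# Constructed sample traffic, assumed to fall inside one reassembly window.
SAMPLE = [
    # Hazard 1: the 32-bit IDs differ, but their low 16 bits are equal.
    ("2001:db8:a::1", "2001:db8:d::20", 17, 0x00010001),
    ("2001:db8:a::1", "2001:db8:d::20", 17, 0x00020001),
    # Hazard 2: per-destination counters, same value toward two destinations.
    ("2001:db8:a::1", "2001:db8:b::10", 17, 0x00000007),
    ("2001:db8:a::1", "2001:db8:c::10", 17, 0x00000007),
    # Control: collides with nothing after translation.
    ("2001:db8:a::1", "2001:db8:d::20", 17, 0x00000002),
]

if __name__ == "__main__":
    print("unique in IPv6:", ipv6_unique(SAMPLE))
    for key, pkts in translated_collisions(SAMPLE).items():
        print("IPv4 collision", key, "<-", pkts)
```

Every sample packet is unique by IPv6 rules, yet two IPv4 (source, destination, protocol, ID) tuples end up shared after translation, and neither case involves ECMP.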