Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

Ole Troan <otroan@employees.org> Fri, 27 July 2018 18:24 UTC



> On 27 Jul 2018, at 19:20, Tom Herbert <tom@herbertland.com> wrote:
> 
> Right, but I still think that we should be more clear about the root
> origin of problems and blunt in requesting that non-conformant
> implementations get fixed.

Barring bugs, implementations work the way they do because customers have required them to have features that are used to parse deep into packets.

IPv6 extension headers were to some extent designed to make it hard to parse in hardware. Not that that helped.

Yes, we agree on the root cause. But since these are legitimate features (from the perspective of whoever is operating the middlebox) this isn’t something that can be fixed by decree or by claiming it’s a bug.

The tool we have in fighting ossification is crypto.

Cheers 
Ole