IETF Logo Mail Archive

Re: [Int-area] New Version Notification for draft-herbert-ipv4-eh-03.txt

Tom Herbert <tom@herbertland.com> Thu, 21 March 2024 14:19 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54A01C18DB90 for <int-area@ietfa.amsl.com>; Thu, 21 Mar 2024 07:19:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RXZE80aUFnGv for <int-area@ietfa.amsl.com>; Thu, 21 Mar 2024 07:19:22 -0700 (PDT)
Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 424D7C180B7C for <int-area@ietf.org>; Thu, 21 Mar 2024 07:19:22 -0700 (PDT)
Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-a470c79ef7cso138769866b.0 for <int-area@ietf.org>; Thu, 21 Mar 2024 07:19:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1711030760; x=1711635560; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=cwHkF7x/pnKHk//CBPbLsUDpYjoj0ONTW3fbxPuX2ws=; b=W1u0hoDJ4ErJVgZPuFH5Tll+0z0RkjaeSh8NhPXWCH6s5TC6w9nCzjozoQy7zde3mv 6OzT33aJLCp3uJEijM4WjGKImKVbkmi5kb1evnSAOQhLnlalj7Pq1f8Wni84ztVo8Adf XAOoiIwZCeiOohfa0bAQAzGMW95RabQRYh1BOP9krwY05AVQqqcGrrjhGi2PWZNEiqpC glf+LegjNlCknk+0PtXlfhEEXwcjV/OppweMlfH3qUJGqoRECNZnxah/O3+aBwNEFvzb gCij4qYx1tV1GyvrZqqk61KkRoiR/UE2M2DBTwXh3WIqK1qrDB/dGuIxdjC1KS09Uf4a z/Lw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711030760; x=1711635560; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cwHkF7x/pnKHk//CBPbLsUDpYjoj0ONTW3fbxPuX2ws=; b=XIatkvKtx+5JFmTHg9oKORhWuKeou7SLE+7eg/Bhq5q7G+1wGmueeUGqhSN+MO7soR Ur2B8QL4tB4S1Kzf3LBxr0MvhvS6KDKNpz9kPk3ZbL6YGhlwbJJvJYYNcmcfjWaW8DOb AzVfgkAUpj/ClLI0lFV4VtxkiuTVWS5Sg9KaNCVFcB3kFIeSDzRuNofBlZyAdx2cfZYx rcDuwOj8zFoEQaE3JaTlzyyNPdsucjmOWCMpLdDav7NHdMPTeCMLcQijskZTVxLB0EF4 /DbAFoAHewHZpE/K4UTZOVfB+EI3NQVh0MXxSYDX9SjOIRMaU77Sfwokc0BVW0DCyErj zHDQ==
X-Forwarded-Encrypted: i=1; AJvYcCVsk+sgThQZFSA/iKgXiLu/F9HVL7Xc4xssOcgtQvDbFRLMVpgPTRT/ZSixHS0pkfEEW9CGY7UQDwsN5lwTQpnZOw==
X-Gm-Message-State: AOJu0YztRXV/X3fwSOG7Q/HdxJKziUwtvv5/rPpx/tUysx5L5D3GxLMy 6t4ji5rdawABocEHYGVAw/z+BjKOGr4+fa5RBT/e+Zz3KjifFshZxP+k3bve0+jJV3nnRD1ndEi brO3ag0gm7QRYJ6Njndcu2q7Oy62dBNotIvFn
X-Google-Smtp-Source: AGHT+IGpaRlH1vU8CRFaYyRPpnS786qrhQQyhDY1AnNVMPwJ4ZnhXlt5p56B1NAVVr52ZNxs62KBLLT5Czf38T6KLCI=
X-Received: by 2002:a17:906:3147:b0:a46:ecdd:6b3 with SMTP id e7-20020a170906314700b00a46ecdd06b3mr2513829eje.29.1711030759419; Thu, 21 Mar 2024 07:19:19 -0700 (PDT)
MIME-Version: 1.0
References: <170865175505.14082.3856617737779580933@ietfa.amsl.com> <CALx6S363oh+7rNMaMa0s+9A-xeyLBy+ct-Q_Bx0xQm_di1PPJA@mail.gmail.com> <ZeZjGyxmuapXz5tb@faui48e.informatik.uni-erlangen.de> <CALx6S34OFL7tzabL+RMvB3nkad5k9esCD_dFpMi6DUtUEG-Dmg@mail.gmail.com> <ZedO1u7aheBhZ26N@faui48e.informatik.uni-erlangen.de> <ZfurRK_oNVES2hVz@faui48e.informatik.uni-erlangen.de> <CALx6S36L57vPa5YkiV3khYbFpPPgPUVynWaRVno0BufvXcALeA@mail.gmail.com> <1895C8F1-C92C-4DB8-8792-4248AB75E905@gmail.com>
In-Reply-To: <1895C8F1-C92C-4DB8-8792-4248AB75E905@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 21 Mar 2024 07:19:08 -0700
Message-ID: <CALx6S35i9wYJHGSbLH-Mth-XcvUNd-c6WLaEy+kb6OQv9mWDqA@mail.gmail.com>
To: Bob Hinden <bob.hinden@gmail.com>
Cc: Toerless Eckert <tte@cs.fau.de>, int-area <int-area@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/Qzdf77mdEBpssYMOq_joAvU9soo>
Subject: Re: [Int-area] New Version Notification for draft-herbert-ipv4-eh-03.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Internet Area WG Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2024 14:19:26 -0000

On Thu, Mar 21, 2024 at 12:36 AM Bob Hinden <bob.hinden@gmail.com> wrote:
>
> Tom,
>
> > On Mar 21, 2024, at 2:20 PM, Tom Herbert <tom=40herbertland.com@dmarc.ietf.org> wrote:
> >
> > On Wed, Mar 20, 2024 at 8:36 PM Toerless Eckert <tte@cs.fau.de> wrote:
> >>
> >> Btw: When i asked on of the 6MAN chairs, about the meaning of an Internet Protocol
> >> Number being an "IPv6 Extension Header" or not, the answer was that in his
> >> interpretation it is simply whether the header itself has it's own "Next Header"
> >> field using the IANA Assigned Internet Protocol Numbers registry - or not.
> >
> > Thanks for asking. So by this definition IPv4 already supports
> > extension headers :-).
>
> As I remember it, Authentication Header (AH) and Encapsulating Security Payload (ESP) were first developed for IPv6 and then adapted to IPv4.

Bob,

Yes, that is one of the motivations to support other extension headers
in IPv4. Basically, we're just backporting useful forward looking
features from IPv6 to IPv4.

Tom

>
> Bob
>
>
> >
> >>
> >> In other words, Destination Option Headers do not have fundamentally distinct
> >> processing requirements on the destination host examining it than any other
> >> possible protocol header (e.g.: UDP, TCP), or at least we could not find such a description
> >> for any such guiding rules or treatment differences in RFC8200.
> >
> > Yes, that's mostly how all the IP protocols are implemented.
> > Processing of an encapsulated  protocol isn't completely independent,
> > for instance the pseudo header for the TCP and UDP checksum is
> > different for IPv4 and IPv6.
> >
> >>
> >> To me this means that it's simply a matter of consistency of simply calling ESP and AH
> >> "Extension Headers" when we do introduce this concept into IPv4.
> >
> > Agreed.
> >
> >>
> >> Of course, this interpretation is not fully consistent with the way the
> >> "IPv6 Extension Header" flag is used in the registry: IPv6 itself does not have this
> >> flag, so likely IPv4 should neither, even though both have this "next header" field,
> >> but maybe this can be explained by both ofg these being recursion instead of extension
> >> when happening in a header chain.
> >
> > Yes, although it's not clear to me how relevant the flag in the
> > registry is. In any case, for IPv4 extension headers it makes sense to
> > be consistent with IPv6.
> >
> > Tom
> >
> >>
> >> Cheers
> >>    Toerless
> >>
> >> On Tue, Mar 05, 2024 at 05:56:54PM +0100, Toerless Eckert wrote:
> >>> On Mon, Mar 04, 2024 at 06:11:38PM -0800, Tom Herbert wrote:
> >>>> We can treat them as EH for purposes of extension header ordering in
> >>>> section 2.2. Also, IPv4 AH needs to be updated to take EH into account
> >>>> as mentioned below. Other than that I don't believe there are any
> >>>> substantive differences.
> >>>
> >>> Yes, i am trying to use ESP/AH as examples to understand the benefits
> >>> of destination headers as opposed to just non-extension headers ..
> >>>
> >>>> No changes to APIs, we can use the same APis in IPv6 with IPv4. Kernel
> >>>> changes to Linux will be straightforward.
> >>>
> >>> My question was not about differences in API between IPv4/IPv6, but between when
> >>> ESP/AH are (as currently) NOT extension headers in IPv4 vs. after they become
> >>> extension because the kernel changes have been applied.
> >>>
> >>> Ul;timately, i am trying to understand whether, and if so WHY we should
> >>> reclassify ESP and AH in IPv4 to be extension headers. Right now the only
> >>> argument i would know would be "consistency with IPv6", but that by itself
> >>> does not seem to be sufficient to change something for what's being deployed
> >>> worldwide in so many places. So there should be a technical benefit.
> >>>
> >>> And if the answer is "it does not make any difference whatsoever", then i also
> >>> wonder why we would want to do it...
> >>>
> >>>>> Any other functional differences ? Aka: i couldn't find a simple:
> >>>>>
> >>>>> "If i want to define a new protocol header, should i call it an
> >>>>> extension header or an ipv6 extension header - for Dummies" ?
> >>>>
> >>>> I think there are IPv6 extension headers and IPv4 extension headers.
> >>>> IPv4 extension headers are probably just a subset of IPv6 extension
> >>>> headers.
> >>>
> >>> That's certainly safer, e.g.: asking for a separate column in the IANA registry.
> >>>
> >>>>> be renamed to "IP/IPv6 Extension Header". But when this was done
> >>>>> to AH/ESP, and there actually is a functional difference expressed by
> >>>>> this extension header (as opposed to non-extension header) status, then
> >>>>> what be the imapct of this ? Aka: I upgrade my linux kernel to extension
> >>>>> header and all my AH/ESP breaks ?  Or i do get the benefit of above
> >>>>> (userland access) ?
> >>>>>
> >>>>> Would there be any (backward compatibility) reason to have new codepoints in IPv4 for ESP/AH
> >>>>> with this extension header status and leave the existing (non extension
> >>>>> header) codepoints alone ?
> >>>>
> >>>> No, I don't think we need that. ESP/AH should be backwards compatible.
> >>>> For instance, if someone sends AH with HBH in IPv4 then they know that
> >>>> their using EH and AH would take into account mutable HBH options. If
> >>>> the packet is sent to a host that supports IPv4 EH then they would
> >>>> know how to process the AH with HBH correctly. If the packet is sent
> >>>> to a legacy node that doesn't support EH, then the packet will bv
> >>>> dropped since the host doesn't recognize protocol 0 (HBH).
> >>>
> >>> Not clear. What you are writing implies that the encoding on the wire would
> >>> change for AH from what it is now. What's exactly the change ? It's not
> >>> in the next header field...
> >>>
> >>>> There is no
> >>>> behavioral change at either the receiver or the sender if someone
> >>>> sends an AH with no other EH. The draft will need to update RFC4302 to
> >>>> describe AH processing with IPv4 EH present.
> >>>>
> >>>> RFC4303 needs an update as well, but that's just to say that EH after
> >>>> the ESP is covered by the encryption, but I don't believe that
> >>>> materially changes the requirements.
> >>>
> >>> I guess unless i can get excited for AH/ESP to get some improved behavior
> >>> when turning into extension headers (see Q above), i'd probably stick to not touching
> >>> them, aka: do not declare them to be extension headers for IPv4.
> >>>
> >>> Cheers
> >>>    Toerless
> >>>
> >>>> Tom
> >>>>
> >>>>>
> >>>>> Cheers
> >>>>>    Toerless
> >>>>>
> >>>>> On Thu, Feb 22, 2024 at 05:40:31PM -0800, Tom Herbert wrote:
> >>>>>> Hi,
> >>>>>>
> >>>>>> I updated the IPv4 extension headers draft. I structured it to be
> >>>>>> self-contained without any normative references for IPv6 RFCs. It's a
> >>>>>> little bigger, but about 80% of the text is cut-and-paste from other
> >>>>>> RFCs and drafts.
> >>>>>>
> >>>>>> Comments are appreciated!
> >>>>>>
> >>>>>> Tom
> >>>>>>
> >>>>>> ---------- Forwarded message ---------
> >>>>>> From: <internet-drafts@ietf.org>
> >>>>>> Date: Thu, Feb 22, 2024 at 5:29 PM
> >>>>>> Subject: New Version Notification for draft-herbert-ipv4-eh-03.txt
> >>>>>> To: Tom Herbert <tom@herbertland.com>
> >>>>>>
> >>>>>>
> >>>>>> A new version of Internet-Draft draft-herbert-ipv4-eh-03.txt has been
> >>>>>> successfully submitted by Tom Herbert and posted to the
> >>>>>> IETF repository.
> >>>>>>
> >>>>>> Name:     draft-herbert-ipv4-eh
> >>>>>> Revision: 03
> >>>>>> Title:    IPv4 Extension Headers and Flow Label
> >>>>>> Date:     2024-02-23
> >>>>>> Group:    Individual Submission
> >>>>>> Pages:    47
> >>>>>> URL:      https://www.ietf.org/archive/id/draft-herbert-ipv4-eh-03.txt
> >>>>>> Status:   https://datatracker.ietf.org/doc/draft-herbert-ipv4-eh/
> >>>>>> HTMLized: https://datatracker.ietf.org/doc/html/draft-herbert-ipv4-eh
> >>>>>> Diff:     https://author-tools.ietf.org/iddiff?url2=draft-herbert-ipv4-eh-03
> >>>>>>
> >>>>>> Abstract:
> >>>>>>
> >>>>>>   This specification defines extension headers for IPv4 and an IPv4
> >>>>>>   flow label.  The goal is to provide a uniform and feasible method of
> >>>>>>   extensibility that is common between IPv4 and IPv6.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> The IETF Secretariat
> >>>>>>
> >>>>>
> >>>>> --
> >>>>> ---
> >>>>> tte@cs.fau.de
> >>>>
> >>>
> >>> --
> >>> ---
> >>> tte@cs.fau.de
> >>
> >> --
> >> ---
> >> tte@cs.fau.de
> >
> > _______________________________________________
> > Int-area mailing list
> > Int-area@ietf.org
> > https://www.ietf.org/mailman/listinfo/int-area
>

v2.23.0 | Report a Bug | By Email