IETF Logo Mail Archive

Re: [Int-area] New Version Notification for draft-herbert-ipv4-eh-03.txt

"touch@strayalpha.com" <touch@strayalpha.com> Fri, 22 March 2024 00:38 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9970EC14F6B2 for <int-area@ietfa.amsl.com>; Thu, 21 Mar 2024 17:38:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.325
X-Spam-Level:
X-Spam-Status: No, score=-1.325 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05p7mYXjq0Mf for <int-area@ietfa.amsl.com>; Thu, 21 Mar 2024 17:38:15 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 303F2C14F6A3 for <int-area@ietf.org>; Thu, 21 Mar 2024 17:38:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=//zVHEC2MIcVV9F6kfOUFA6bNsRnoiulTW6hhQInXjA=; b=OhnquOfg1sK8W67cAZM950Mq3j 3k1D91qXd4EX3XKe3NQdHc4O9S4ayYdt1pQAjSdHvEtQC1HVJBtTjFzoPY5ySU4wVvFPPg1Qh7BAT QqUW5MpSbErCjoW8J7Dx2IefjK+gbopgcHiDfKuPlyoTTjCwbcl4HGMtzrIt+D8kYG5EAGJ/uewO7 FBm/2ytOBpCjWfZncrzjyUb14pRrsvh3wfS2etAngqCRxy6sPXvMGy8x/lcyc5gmlhOr76hLgvyep tjOzxisrJKJq1YGV8A2Z5SC5khudLacWxKm7RgF7rPhVjqC3L66hsc6jWpSE9aJceUHKhDImE0DXx eppvVdrA==;
Received: from [172.58.209.101] (port=18489 helo=smtpclient.apple) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.2) (envelope-from <touch@strayalpha.com>) id 1rnSv8-00EYeW-2g; Thu, 21 Mar 2024 20:38:12 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_8A6B8AFD-709D-4214-AAD3-693082E31682"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
From: "touch@strayalpha.com" <touch@strayalpha.com>
In-Reply-To: <CALx6S37XnjWcpeGZUQWXFyE0jP=XyodmUBBh+69SonLw3ndvaQ@mail.gmail.com>
Date: Thu, 21 Mar 2024 17:37:52 -0700
Cc: Toerless Eckert <tte@cs.fau.de>, int-area <int-area@ietf.org>
Message-Id: <57C622DE-2C8E-4415-805D-7053309B0D01@strayalpha.com>
References: <170865175505.14082.3856617737779580933@ietfa.amsl.com> <CALx6S363oh+7rNMaMa0s+9A-xeyLBy+ct-Q_Bx0xQm_di1PPJA@mail.gmail.com> <ZeZjGyxmuapXz5tb@faui48e.informatik.uni-erlangen.de> <CALx6S34OFL7tzabL+RMvB3nkad5k9esCD_dFpMi6DUtUEG-Dmg@mail.gmail.com> <ZedO1u7aheBhZ26N@faui48e.informatik.uni-erlangen.de> <ZfurRK_oNVES2hVz@faui48e.informatik.uni-erlangen.de> <CALx6S36L57vPa5YkiV3khYbFpPPgPUVynWaRVno0BufvXcALeA@mail.gmail.com> <Zfu5GQ7101lMnHGs@faui48e.informatik.uni-erlangen.de> <DCE2D4E2-9C5D-40B7-952F-7424E7FCBAFE@strayalpha.com> <CALx6S37XnjWcpeGZUQWXFyE0jP=XyodmUBBh+69SonLw3ndvaQ@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
X-Mailer: Apple Mail (2.3774.500.171.1.1)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/jbYfSXz7VdH1_vytb2Et5XZy0LA>
Subject: Re: [Int-area] New Version Notification for draft-herbert-ipv4-eh-03.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Internet Area WG Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2024 00:38:20 -0000

> On Mar 21, 2024, at 8:01 AM, Tom Herbert <tom@herbertland.com> wrote:
> 
>> I haven’t seen it mentioned yet (apologies if so), but there is a big difference between extension headers and encapsulated protocols.
>> 
>> Extension headers - no matter how many - can each refer back to the base header. Same for the first encapsulated protocol.
>> 
>> E.g.:
>> 
>> IP1 IP2 IP3 TCP…. TCP uses a pseudo header based on IP3
>> But:
>> IPv6a EHb EHc TCP… TCP uses a pseudo header based on IPv6a; each of the EH’s can also refer back to IPv6a
>> 
>> I see NO way to do this with any mechanism for IPv4 except options (whose space is limited). There’s no way to redefine protocol processing to ensure that information can be “Carried” forward across EHs.
>> 
>> This seems like a show-stopper; has it been addressed?
> 
> Joe,
> 
> It already happens in IPv4. Consider the header chain IPv4-AH-TCP. In
> practice, host stacks have already accounted for this so I don't see
> this as a problem.
> 
> Tom

There’s a big difference and it relates to discussions we've had about UDP options.

With IPsec, the assumption is “if I add it, it MUST be checked”, so an endpoint that doesn’t know to check would drop the packet as expected.

But that means these extensions can only be useful where they MUST be supported; you can’t send them to (or through) legacy devices (or NATs) and have them work correctly.

In which case, rather than this mechanism, you could as easily do basically ANYTHING else too - because it’s no longer a matter of backward compatibility.

The idea of a chain of headers appears to have shown itself not very tenable for IPv6; I can’t see why we would want to emulate it in a protocol that (as others noted) I thought we were no longer evolving.

Joe

v2.23.0 | Report a Bug | By Email