Re: [Int-area] New Version Notification for draft-herbert-ipv4-eh-03.txt
Tom Herbert <tom@herbertland.com> Fri, 22 March 2024 01:36 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C70A6C14F60B for <int-area@ietfa.amsl.com>; Thu, 21 Mar 2024 18:36:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g8KOaJk6R3TB for <int-area@ietfa.amsl.com>; Thu, 21 Mar 2024 18:36:22 -0700 (PDT)
Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59466C14F707 for <int-area@ietf.org>; Thu, 21 Mar 2024 18:36:18 -0700 (PDT)
Received: by mail-ed1-x52d.google.com with SMTP id 4fb4d7f45d1cf-56bdf81706aso306428a12.2 for <int-area@ietf.org>; Thu, 21 Mar 2024 18:36:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1711071375; x=1711676175; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=i1t0RfZYtvMFwB6suEmmjz10vhFA99fY+L/JbHbDdZA=; b=Vc3Sm1EL0Owv5Go5sODmJC8YgoP9vAubqRymrfIFEQ35puGRHDF7w2ZKDoapGFaZYN Vm4sI29RhdCznBF10Bp5HeIwQjwGl7bzzWqt3OJdNyJS/O944mOPjtiPnw4bhhaoOJlQ YbLUX2j6+tmBr+8QeuyjNIPKgyNKAQ7J8NiuCFESJEv/TtyrLGHGLB7HAcmLui97erO3 5g9GGlRVXOoN+ItR/gtn/vzgagXtZTgWupkRZSzfAyigT7StRK0CSRIh4bC1zhv6/atL +3HGleBstrcuSXQDk4G+HzJ6CpOWLmIUxF6qEvcRnNVupqHWWFVc03o04rNO+X6AtW93 +FHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711071375; x=1711676175; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=i1t0RfZYtvMFwB6suEmmjz10vhFA99fY+L/JbHbDdZA=; b=lssNSdc3Gn+/BnWjZVwqgInM+SYXHIYs5+k/qHXKHf7DRaoWMAFfMj7CZBS9MQ49AR KwaH21yLtlVBxr1JTSUuohW1rI9+h9XXOLx6V4wkOa7IN3ypUw12MCrqomHyCAftOid7 awROiydnTSMaxJXHGBYRNtnL2qsYLZwIeOa+F8bOppJLMR5ibrBzhN6Z05JHhebTbMWA VbWjNMpNac3J27kNdoiqWOlRpp5URWo28mjzo/GB37aULDtDpi7IIBcWYq9s65nOTlx/ /kzvqa0UM3oydRQm5EUmXYzV+iVBkLgZAjbF93K6+xROdg0SaFUy5WUrP8y2dErOWrVG wnhw==
X-Forwarded-Encrypted: i=1; AJvYcCUve28x/HuVo4BDDPswKPykp04Ui/rKbDti4T+r2bVF8bkrEfLkVLbnxhBCF/1u6FEbbiItan4AwPcfGfZIraHEqw==
X-Gm-Message-State: AOJu0YzQJXpgP6byw6UoEtz80QsTa1TKPChptxVjcRa1rMelzqo6S8fD v8V3dDR/k2gPpRONeuCjur6LaGnFwmIC9+/Z6jqigYyAo44CwDhvSeneJqK8/Hm2MC/tYSjubh5 JuuirhdxTLmU++UAQx/5mvD6bvngzBU5dwoRCzsmb+PRghdI13g==
X-Google-Smtp-Source: AGHT+IHJAjbQAbrLxzre4azJssk5WLbhr8Z8RQASogJaBGaXbqc2M3m5oZUtYLVB4aQs8nGR2nG8SB9P7IsdZ3X6OYg=
X-Received: by 2002:a50:d786:0:b0:566:47ee:b8b4 with SMTP id w6-20020a50d786000000b0056647eeb8b4mr469312edi.17.1711071374445; Thu, 21 Mar 2024 18:36:14 -0700 (PDT)
MIME-Version: 1.0
References: <170865175505.14082.3856617737779580933@ietfa.amsl.com> <CALx6S363oh+7rNMaMa0s+9A-xeyLBy+ct-Q_Bx0xQm_di1PPJA@mail.gmail.com> <ZeZjGyxmuapXz5tb@faui48e.informatik.uni-erlangen.de> <CALx6S34OFL7tzabL+RMvB3nkad5k9esCD_dFpMi6DUtUEG-Dmg@mail.gmail.com> <ZedO1u7aheBhZ26N@faui48e.informatik.uni-erlangen.de> <ZfurRK_oNVES2hVz@faui48e.informatik.uni-erlangen.de> <CALx6S36L57vPa5YkiV3khYbFpPPgPUVynWaRVno0BufvXcALeA@mail.gmail.com> <Zfu5GQ7101lMnHGs@faui48e.informatik.uni-erlangen.de> <DCE2D4E2-9C5D-40B7-952F-7424E7FCBAFE@strayalpha.com> <CALx6S37XnjWcpeGZUQWXFyE0jP=XyodmUBBh+69SonLw3ndvaQ@mail.gmail.com> <57C622DE-2C8E-4415-805D-7053309B0D01@strayalpha.com>
In-Reply-To: <57C622DE-2C8E-4415-805D-7053309B0D01@strayalpha.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 21 Mar 2024 18:36:02 -0700
Message-ID: <CALx6S36Dpn0qC9e0ZGaK-ckbT58hRkeLHDKkNqmmJn0vQ5ONUw@mail.gmail.com>
To: "touch@strayalpha.com" <touch@strayalpha.com>
Cc: Toerless Eckert <tte@cs.fau.de>, int-area <int-area@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/pSl6fnrvk09He9z1RYCQ546pPW8>
Subject: Re: [Int-area] New Version Notification for draft-herbert-ipv4-eh-03.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Internet Area WG Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2024 01:36:26 -0000
On Thu, Mar 21, 2024 at 5:38 PM touch@strayalpha.com <touch@strayalpha.com> wrote: > > On Mar 21, 2024, at 8:01 AM, Tom Herbert <tom@herbertland.com> wrote: > > I haven’t seen it mentioned yet (apologies if so), but there is a big difference between extension headers and encapsulated protocols. > > Extension headers - no matter how many - can each refer back to the base header. Same for the first encapsulated protocol. > > E.g.: > > IP1 IP2 IP3 TCP…. TCP uses a pseudo header based on IP3 > But: > IPv6a EHb EHc TCP… TCP uses a pseudo header based on IPv6a; each of the EH’s can also refer back to IPv6a > > I see NO way to do this with any mechanism for IPv4 except options (whose space is limited). There’s no way to redefine protocol processing to ensure that information can be “Carried” forward across EHs. > > This seems like a show-stopper; has it been addressed? > > > Joe, > > It already happens in IPv4. Consider the header chain IPv4-AH-TCP. In > practice, host stacks have already accounted for this so I don't see > this as a problem. > > Tom > > > There’s a big difference and it relates to discussions we've had about UDP options. > > With IPsec, the assumption is “if I add it, it MUST be checked”, so an endpoint that doesn’t know to check would drop the packet as expected. Joe, As you know from the discussions on UDP Options, I believe that if someone sends security information in a packet then the information MUST be verified. It's always better to drop something you don't understand, rather than accept it and put the user at risk for security or data corruption. > > But that means these extensions can only be useful where they MUST be supported; you can’t send them to (or through) legacy devices (or NATs) and have them work correctly. We can't send AH, ESP, DCCP, SCTP, GRE through NAT either. For that matter, has any ever tested if IPv6 EH can make it through NAT. In any case, from IPv6 data we already know that extension headers will probably ever only be useful in limited domains, so I don't believe NAT traversal is a showstopper. > > In which case, rather than this mechanism, you could as easily do basically ANYTHING else too - because it’s no longer a matter of backward compatibility. But isn't that the *whole point* of an extensible protocol like IP?... to allow innovation and extensions to be able to solve problems that would never have been foreseen when the protocol was first developed. And not everything we do can be backwards compatible, if that were a requirement IETF never could have created IPv6. > > The idea of a chain of headers appears to have shown itself not very tenable for IPv6; I can’t see why we would want to emulate it in a protocol that (as others noted) I thought we were no longer evolving. I believe there are a lot of people in IETF that would disagree with that sentiment. Tom > > Joe >
- [Int-area] Fwd: New Version Notification for draf… Tom Herbert
- Re: [Int-area] Fwd: New Version Notification for … Toerless Eckert
- Re: [Int-area] Fwd: New Version Notification for … Tom Herbert
- Re: [Int-area] Fwd: New Version Notification for … Toerless Eckert
- Re: [Int-area] Fwd: New Version Notification for … Tom Herbert
- Re: [Int-area] Fwd: New Version Notification for … Toerless Eckert
- Re: [Int-area] Fwd: New Version Notification for … Tom Herbert
- Re: [Int-area] Fwd: New Version Notification for … Brian E Carpenter
- Re: [Int-area] Fwd: New Version Notification for … Toerless Eckert
- Re: [Int-area] Fwd: New Version Notification for … Tom Herbert
- Re: [Int-area] Fwd: New Version Notification for … Brian E Carpenter
- Re: [Int-area] Fwd: New Version Notification for … Toerless Eckert
- Re: [Int-area] New Version Notification for draft… touch@strayalpha.com
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Robinson, Herbie
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Tom Herbert
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Robinson, Herbie
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Tom Herbert
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Robinson, Herbie
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Tom Herbert
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Robinson, Herbie
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Tom Herbert
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Robinson, Herbie
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Tom Herbert
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Brian E Carpenter
- Re: [Int-area] New Version Notification for draft… Bob Hinden
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… Templin (US), Fred L
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… Brian E Carpenter
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… waldemar
- Re: [Int-area] New Version Notification for draft… touch@strayalpha.com
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… touch@strayalpha.com
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… touch@strayalpha.com
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… touch@strayalpha.com
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… touch@strayalpha.com
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… touch@strayalpha.com
- Re: [Int-area] New Version Notification for draft… Robinson, Herbie
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… Templin (US), Fred L
- Re: [Int-area] New Version Notification for draft… Antoine FRESSANCOURT
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Robinson, Herbie
- Re: [Int-area] [EXTERNAL] Re: New Version Notific… Tom Herbert
- Re: [Int-area] New Version Notification for draft… Brian E Carpenter
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] Fwd: New Version Notification for … Templin (US), Fred L