Re: [6MAN] UDP+Fragmentation (was: "Deprecate")

Mark Andrews <marka@isc.org> Tue, 27 August 2013 21:46 UTC

To: Warren Kumari <warren@kumari.net>
From: Mark Andrews <marka@isc.org>
Subject: Re: [6MAN] UDP+Fragmentation (was: "Deprecate")
Date: Wed, 28 Aug 2013 07:46:24 +1000
Cc: "C. M. Heard" <heard@pobox.com>, IPv6 <ipv6@ietf.org>

Warren can you please fix your MUA to generate legal To: lines.
"To: C. M. Heard <heard@pobox.com>" is not a legal To: line.

repl: bad addresses:
	C. M. Heard <heard@pobox.com> -- no at-sign after local-part (<)

In message <58A2CCE5-4EAB-4D80-8A97-88885F0E268C@kumari.net>, Warren Kumari writes:
>
> On Aug 27, 2013, at 12:37 AM, C. M. Heard <heard@pobox.com> wrote:
>
> > Greetings,
> >
> > Upon reflection, I have come to the conclusion that the proposal in
> > draft-andrews-6man-fragopt (or a variant thereof) is a much better
> > solution to the problems with IPv6 fragmentation than the UDP
> > segmentation scheme I proposed.
> >
> > The huge advantage of putting a skippable IPv6 option with
> > higher-layer header information into IPv6 fragments is that it is
> > much easier to deploy incrementally than the UDP segmentation
> > scheme.  New end systems could begin inserting the option as soon as
> > the format is standardized, and they would still be able to
> > communicate with older end systems that comply with existing IPv6
> > specifications, at least on paths where fragments are not discarded
> > by firewalls.  That's not true of the UDP segmentation scheme (or of
> > more complex alternatives such as SEAL).
> >
> > A second advantage of the proposal in draft-andrews-6man-fragopt,
> > or more specifically of a variant that I proposed in
> > http://www.ietf.org/mail-archive/web/ipv6/current/msg18849.html,
> > is that it can be made to work with any upper-layer protocol,
> > present or future.  The UDP segmentation scheme works for one
> > protocol only.  (SEAL would work with any upper-layer protocol, but
> > since it hides the upper-layer headers, it could well be blocked by
> > firewalls for that reason.)
> >
> > It is true that firewalls will need to be updated to make the option
> > scheme achieve its objective of getting fragments through.  It
> > seems, however, that the same is true of the UDP segmentation scheme
> > that I proposed; Google for "UDP packet length and the size on the
> > wire do not match" for some examples.  (SEAL, being a new
> > upper-layer protocol, would also require firewall updates).
> >
> > The main lesson I draw from draft-taylor-v6ops-fragdrop is that IPv6
> > fragmentation, as currently specified, does not meet the
> > requirements of certain operators because upper-layer header
> > information is absent from non-initial fragments.  The option scheme
> > directly addresses that problem.  Given that the 6man WG is not
> > ready to deprecate IPv6 fragmentation, it seems to me that it should
> > be rehabilitated to the extent possible, and I think the option
> > scheme would do that.
> >
>
> Apologies if I missed it and this was already discussed -- for some
> reason my MUA is refusing to thread this conversation correctly and so
> I'm reading things all out of order.
>
> I have some issue / concerns with draft-andrews-6man-fragopt.
> The whole problem is that I cannot look at the fragment and know what
> protocol and port it is actually destined to (I also have concerns about
> past issues with reassembly / overlapping frags, but we'll skip those for
> now).
> I am unclear how I am supposed to be able to trust the port information
> in the new header?
>
> Let's say that I only allow traffic to 192.0.2.1 port 80.
> What is to stop a malicious party from:
> 1: Generating a packet to 192.0.2.1 port 22.
> 2: Fragmenting it into two parts.
> 3: Adding a few junk headers for padding (I think that this is optional)
> 4: Putting in this new header and listing the destination port as 80?
>
> I *guess* if *all* of the devices on the inside of my network know to
> check that the new header attributes match the reassembled packet then I
> have *some* protection, but this isn't (that I could see) specified in
> the draft.
> There are some comments about NATs changing things "both the source and
> destination ports may have been changed so the ports may appear to be
> completely unrelated. The
>    source port is changed by a client NAT and the destination port is
>    changed by a NAT acting a load balancer."
>
> It is conceivable that all of the devices behind a load balancer could be
> configured to ignore this check, but that removes basically all of the
> protection (same thing if the LB simply strips this option).
>
> W

Assuming you don't have a load balancer that is changing the destination
port the destination port will still be port 80 on all fragments in both
the hop-by-hop option and the original TCP header.

You still need to drop initial fragments where you can't see the entire
header chain.

Passing a fragment is no worse than passing an out-of-order segment.

Reply traffic will still be from port 80 but after it has passed
through a NAT the destination port in the option will not match the
original source port. 

Again you still need to drop initial fragments where you can't see
the entire header chain.

You have looser rules on the non-initial fragments than for the
initial fragments.  But it is not wide open like it currently has
to be.

Mark

> > Thanks and regards,
> >
> > Mike Heard
> >
> > On Wed, 7 Aug 2013, Ronald Bonica wrote:
> >> Fred,
> >>
> >> We should probably be clear about which problem we are trying to
> >> solve. The following are possibilities:
> >>
> >> a) Remove network administrators' motivation for blocking IPv6
> >> fragments. To this end, we assume that the network administrators'
> >> primary motivation is the tiny fragment problem. So, we solve the
> >> tiny fragment problem by changing the way that IPv6 fragmentation
> >> works. In the new fragmentation scheme, each fragment contains
> >> parsable information regarding the payload protocol and port.
> >>
> >> b) Make UDP-based applications work in a world where network
> >> administrators block IPv6 fragments. We do this by either
> >> modifying UDP so that it supports fragmentation and reassembly of
> >> long payloads or creating a new UDP-like protocol that supports
> >> the fragmentation and reassembly of long payloads.
> >>
> >> Draft-andrews-6man-fragopt solves the problem posed in
> >> draft-bonica-6man-frag-deprecate by solving problem a). Mike's
> >> proposal solves the problem posed in
> >> draft-bonica-6man-frag-deprecate by solving problem [b)].
> >>
> >> IMHO, both proposals address the problem. We are currently trying
> >> to figure out which will work best.
> >>
> >>                                                      Ron
> >>
> >>
> >>> -----Original Message-----
> >>> From: Templin, Fred L [mailto:Fred.L.Templin@boeing.com]
> >>> Sent: Tuesday, August 06, 2013 6:36 PM
> >>> To: Ronald Bonica; C. M. Heard; IPv6
> >>> Subject: RE: UDP+Fragmentation (was: "Deprecate")
> >>>
> >>> Ron,
> >>>
> >>> One other thing for now is that Mike's proposal doesn't even address
> >>> the attack vector that 'draft-bonica-6man-frag-deprecate'
> >>> is concerned about. To address the tiny fragment concern, the protocol
> >>> must ensure that tiny fragments cannot ever be created.
> >>>
> >>> Thanks - Fred
> >>> fred.l.templin@boeing.com
> >>>
> >>>> -----Original Message-----
> >>>> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf
> >>>> Of Templin, Fred L
> >>>> Sent: Tuesday, August 06, 2013 3:07 PM
> >>>> To: Ronald Bonica; C. M. Heard; IPv6
> >>>> Subject: RE: UDP+Fragmentation (was: "Deprecate")
> >>>>
> >>>> Hi Ron,
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: Ronald Bonica [mailto:rbonica@juniper.net]
> >>>>> Sent: Tuesday, August 06, 2013 2:54 PM
> >>>>> To: Templin, Fred L; C. M. Heard; IPv6
> >>>>> Subject: RE: UDP+Fragmentation (was: "Deprecate")
> >>>>>
> >>>>> Fred,
> >>>>>
> >>>>> If that's the case, we have a good argument for changing Mike's
> >>>>> proposal ever so slightly, so that it uses a new protocol ID. But
> >>>>> still, Mike's proposal is elegant because:
> >>>>>
> >>>>> a) It solves the problem at the right layer
> >>>>> b) It reuses UDP transport machinery. (The only exception is the in
> >>>>> LENGTH field)
> >>>>> c) It reuses IP fragmentation machinery (moving it to the transport
> >>>>> layer)
> >>>>> d) Aside from b) and c), it introduces no new protocol machinery. So,
> >>>>> it can be described in a few short pages. This is in stark contrast to
> >>>>> SEAL (draft-templin-intarea-seal-61) whose protocol machinery requires
> >>>>> 41 pages to describe
> >>>>
> >>>> There is a lot of boiler plate in the draft that is not required to
> >>>> describe the protocol machinery. Plus, there are many things that
> >>>> need to be described in a functional specification beyond just
> >>>> posting a concept in an e-mail thread.
> >>>>
> >>>>> which required 61 draft versions to get right.
> >>>>
> >>>> The best things in life are worth investing the time and energy
> >>>> to get right. Plus, SEAL is a universal format that handles both
> >>>> tunnel- and transport-mode requirements for all manners of
> >>>> existing protocols.
> >>>>
> >>>> If we are going to define a new protocol type, let's define one
> >>>> that addresses everything we are currently struggling with and
> >>>> has the extensibility to address additional requirements moving
> >>>> forward into the future.
> >>>>
> >>>> Thanks - Fred
> >>>> fred.l.templin@boeing.com
> >>>>
> >>>>>                                                 Ron
> >>>>>
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: Templin, Fred L [mailto:Fred.L.Templin@boeing.com]
> >>>>>> Sent: Tuesday, August 06, 2013 2:58 PM
> >>>>>> To: Ronald Bonica; C. M. Heard; IPv6
> >>>>>> Subject: RE: UDP+Fragmentation (was: "Deprecate")
> >>>>>>
> >>>>>> With a protocol as ossified as UDP, I have a hard time imagining all
> >>>>>> middleboxes passing the packets with what they would see as a corrupted
> >>>>>> length field.
> >>>>>>
> >>>>>> Thanks - Fred
> >>>>>> fred.l.templin@boeing.com
> >>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf
> >>>>>>> Of Ronald Bonica
> >>>>>>> Sent: Tuesday, August 06, 2013 11:49 AM
> >>>>>>> To: C. M. Heard; IPv6
> >>>>>>> Subject: RE: UDP+Fragmentation (was: "Deprecate")
> >>>>>>>
> >>>>>>> Mike,
> >>>>>>>
> >>>>>>> The proposal sounds elegant. I will try to paraphrase it to make sure
> >>>>>>> that I understand.
> >>>>>>>
> >>>>>>> When originating a UDP datagram, the host always queries its underlying
> >>>>>>> IP stack to determine the PMTU for the destination. If the PMTU is
> >>>>>>> greater than or equal to the size of the payload plus the UDP header
> >>>>>>> plus the IP header, plus all IP extension headers, the originating
> >>>>>>> host emits a conventional UDP packet which is characterized as
> >>>>>>> follows:
> >>>>>>>
> >>>>>>> - Protocol = 17
> >>>>>>> - Length <= L4 length from IP
> >>>>>>>
> >>>>>>> If the PMTU is less than the size of the payload plus the UDP header plus
> >>>>>>> the IP header, plus all IP extension headers, the originating host
> >>>>>>> emits an unconventional UDP packet which is characterized as follows:
> >>>>>>>
> >>>>>>> - Protocol = 17
> >>>>>>> - Length > L4 length from IP
> >>>>>>> - Segment Offset, M-bit and Identification fields added to UDP header
> >>>>>>> before the payload
> >>>>>>>
> >>>>>>> If an unconventional UDP packet arrives at a destination that supports
> >>>>>>> unconventional packets, it is reassembled at the transport layer. If
> >>>>>>> an unconventional UDP packet arrives at a destination that does not
> >>>>>>> support unconventional packets, it is discarded.
> >>>>>>>
> >>>>>>> Do I have this much right?
> >>>>>>>
> >>>>>>>                          Ron
> >>>>>>>
> >>>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of
> >>>>>>> C. M. Heard
> >>>>>>> Sent: Monday, August 05, 2013 11:53 PM
> >>>>>>> To: IPv6
> >>>>>>> Subject: Re: UDP+Fragmentation (was: "Deprecate")
> >>>>>>>
> >>>>>>> On Thu, 1 Aug 2013, C. M. Heard wrote:
> >>>>>>>> On Thu, 1 Aug 2013, RJ Atkinson wrote:
> >>>>>>>>> I agree that C.M. Heard's ideas should be explored in more detail by
> >>>>>>>>> the IETF.
> >>>>>>>
> >>>>>>> The idea was essentially UDP with segmentation fields, which would
> >>>>>>> require a new protocol number.
> >>>>>>>
> >>>>>>> In an offline discussion, Mark Smith and I kicked around an idea
> >>>>>>> for an alternate version not requiring a new protocol number, but
> >>>>>>> relying instead on the redundancy of the UDP Length field.  The UDP
> >>>>>>> Length field is not actually needed; TCP does not have one but rather
> >>>>>>> relies on the length reported by the IP layer.  Under current
> >>>>>>> standards, the UDP Length field must be at least 8 and cannot exceed
> >>>>>>> the IP payload length minus the combined length of any extension
> >>>>>>> headers -- let's call this the L4 length from IP.  Existing
> >>>>>>> implementations are supposed to drop UDP datagrams that fail this
> >>>>>>> check, and all the ones I know of do so.
> >>>>>>>
> >>>>>>> The question then arises whether it might reasonably be possible to
> >>>>>>> re-purpose the case UDP Length > L4 length from IP to mean a segmented
> >>>>>>> UDP datagram.
> >>>>>>>
> >>>>>>> In that case 8 <= UDP Length <= L4 length from IP would be interpreted
> >>>>>>> as a standard unsegmented UDP datagram, as it is now.
> >>>>>>> That's the case pictured below.  Note that if the L4 length indicated
> >>>>>>> by the IP layer exceeds the UDP Length, then the extra octets would be
> >>>>>>> discarded and are not delivered to the application; that is the
> >>>>>>> behavior of the implementations I know of.
> >>>>>>>
> >>>>>>>     0                            15 16                           31
> >>>>>>>    +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
> >>>>>>>    |         Source Port           |      Destination Port         |
> >>>>>>>    +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
> >>>>>>>    |   Length <= L4 length from IP |            Checksum           |
> >>>>>>>    +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
> >>>>>>>    |                          data octets               ...
> >>>>>>>    +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|    ...
> >>>>>>>
> >>>>>>> Now suppose that we have a long UDP datagram that we want to send in
> >>>>>>> segments.  We set the Length and Checksum fields as usual, and then cut
> >>>>>>> the datagram into segments, each of which looks like this:
> >>>>>>>
> >>>>>>>     0                            15 16                           31
> >>>>>>>    +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
> >>>>>>>    |         Source Port           |      Destination Port         |
> >>>>>>>    +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
> >>>>>>>    |  Length > L4 length from IP   |            Checksum           |
> >>>>>>>    +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
> >>>>>>>    |        (reserved = 0)         |       Segment Offset    |Res|M|
> >>>>>>>    +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
> >>>>>>>    |                         Identification                        |
> >>>>>>>    +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
> >>>>>>>    |                          data octets               ...
> >>>>>>>    +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|    ...
> >>>>>>>
> >>>>>>> We put the same UDP header in each segment, so (if we take some care in
> >>>>>>> how we choose the length of the segments) each one will have a UDP
> >>>>>>> Length field that is greater than the IP payload length minus the
> >>>>>>> combined length of any extension headers.  Implementations that conform
> >>>>>>> to the current specifications should discard these segments, and so
> >>>>>>> should not mistakenly consider the segmentation fields as part of the
> >>>>>>> application data.  That should make it possible for segmented UDP
> >>>>>>> datagrams to safely coexist with conventional unsegmented ones, without
> >>>>>>> getting a new protocol number.
> >>>>>>>
> >>>>>>> Possible downsides: some middleboxes may filter such "erroneous"
> >>>>>>> datagrams, and some existing erroneous implementations may fail to do
> >>>>>>> the checks they should and might mistake these segments for ordinary
> >>>>>>> UDP datagrams.
> >>>>>>>
> >>>>>>> Note that this idea does not work with UDP-lite, which replaces the
> >>>>>>> Length field with a Checksum Coverage field.  That could easily be too
> >>>>>>> short to exceed the L4 length from IP.
> >>>>>>>
> >>>>>>> Mike Heard
> >>>>>>>
> >>>>>>> --------------------------------------------------------------------
> >>>>>>> IETF IPv6 working group mailing list
> >>>>>>> ipv6@ietf.org
> >>>>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >>>>>>> --------------------------------------------------------------------
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>
> >>
> >
>
> --
> Do not meddle in the affairs of wizards, for they are subtle and quick to
> anger.
>     -- J.R.R. Tolkien
>
>

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
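
Added example, not part of the original message or of any of the drafts discussed: a receiver-side classifier for the UDP Length rule in the quoted proposal by C. M. Heard, showing both a segmentation-aware receiver and one that follows the current specifications. The field widths (16 reserved bits, 13-bit Segment Offset, 2 Res bits, M bit, 32-bit Identification) are read off the diagram in the quoted text; the names `Verdict`, `classify_udp` and `build_samples` are hypothetical, the packets are constructed samples, and checksum verification and reassembly are left out.

```python
import struct
from dataclasses import dataclass
from typing import Optional

UDP_HDR_LEN = 8   # Source Port, Destination Port, Length, Checksum
SEG_HDR_LEN = 8   # reserved(16) | Segment Offset(13) Res(2) M(1) | Identification(32)


@dataclass
class Verdict:
    kind: str                          # "unsegmented", "segment" or "invalid"
    reason: str = ""
    dst_port: int = 0
    udp_length: int = 0
    payload: bytes = b""
    seg_offset: Optional[int] = None   # raw 13-bit field; its units are not given in the thread
    more: Optional[bool] = None        # M bit
    ident: Optional[int] = None


def classify_udp(l4: bytes, segmentation_aware: bool = True) -> Verdict:
    """Classify the octets that make up the 'L4 length from IP'
    (IP payload minus extension headers). The checksum is not verified."""
    if len(l4) < UDP_HDR_LEN:
        return Verdict("invalid", "shorter than a UDP header")
    _src, dst, length, _cksum = struct.unpack("!HHHH", l4[:UDP_HDR_LEN])
    hdr = dict(dst_port=dst, udp_length=length)
    if length < UDP_HDR_LEN:
        return Verdict("invalid", "UDP Length below 8", **hdr)
    if length <= len(l4):
        # Conventional datagram: octets past UDP Length are not delivered.
        return Verdict("unsegmented", payload=l4[UDP_HDR_LEN:length], **hdr)
    # From here on: UDP Length > L4 length from IP.
    if not segmentation_aware:
        # What receivers following the current specifications are expected to do.
        return Verdict("invalid", "UDP Length exceeds L4 length from IP", **hdr)
    if len(l4) < UDP_HDR_LEN + SEG_HDR_LEN:
        return Verdict("invalid", "truncated segmentation fields", **hdr)
    reserved, off_flags, ident = struct.unpack(
        "!HHI", l4[UDP_HDR_LEN:UDP_HDR_LEN + SEG_HDR_LEN])
    if reserved != 0:
        return Verdict("invalid", "reserved field is not zero", **hdr)
    return Verdict("segment", payload=l4[UDP_HDR_LEN + SEG_HDR_LEN:],
                   seg_offset=off_flags >> 3, more=bool(off_flags & 1),
                   ident=ident, **hdr)


def build_samples() -> dict:
    """Constructed sample packets (not captured traffic); checksum left at 0."""
    udp = lambda length: struct.pack("!HHHH", 40000, 53, length, 0)
    seg = lambda off, m: struct.pack("!HHI", 0, (off << 3) | m, 0x1234ABCD)
    return {
        "plain": udp(8 + 5) + b"hello" + b"XX",   # two trailing octets to discard
        "first": udp(3000) + seg(0, 1) + b"A" * 32,
        "last": udp(3000) + seg(187, 0) + b"B" * 8,
        "runt": udp(3000) + b"\x00\x00",          # too short for the segment fields
    }


if __name__ == "__main__":
    for name, pkt in build_samples().items():
        for aware in (True, False):
            v = classify_udp(pkt, segmentation_aware=aware)
            print(f"{name:5} aware={aware!s:5} -> {v.kind} {v.reason}")
```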