Re: [Errata Rejected] RFC8200 (6003)
Erik Kline <ek.ietf@gmail.com> Mon, 11 May 2020 01:57 UTC
Return-Path: <ek.ietf@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F2223A005B for <ipv6@ietfa.amsl.com>; Sun, 10 May 2020 18:57:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xemoY6EV33QB for <ipv6@ietfa.amsl.com>; Sun, 10 May 2020 18:57:37 -0700 (PDT)
Received: from mail-oo1-xc43.google.com (mail-oo1-xc43.google.com [IPv6:2607:f8b0:4864:20::c43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CECA93A003E for <ipv6@ietf.org>; Sun, 10 May 2020 18:57:36 -0700 (PDT)
Received: by mail-oo1-xc43.google.com with SMTP id e18so1607576oot.9 for <ipv6@ietf.org>; Sun, 10 May 2020 18:57:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2c5hWrR28QdIuBv3sARSfuM/+Yu9Sw+DEDERQcNS/Hs=; b=XX/V1jv9A6BmnPN4vrlos36QTCtrH3vjmyTLwaY0khLsxgvyXMnG2n3jxrl9v+Aze6 eXAaP4sTJQ7lAXQ8sDOzOuK5bfXSdUdsuGtu2kd/wQUHN3kIb69vqhcbezTqCJhJ167A k1HzxE6GMeeEL8gROr5Y2I5oZG+iQfbaCDvlrP9Wo8/CqZYiH1nqyrtqduwqjOoZ2mGV qjS7AGsiM+3hpDeuvsjc/3TS6yqsNiWsOf8rfm3xsaGoRk+9T8Om6SgzqbtQiMWCjkLT 2h3tn2fRedysbtq6EPVU3eBoViJ7Xhux/bOUl8JXcEkJyK7gDvXvE4YF8sJ5rB9iLes+ Jx1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2c5hWrR28QdIuBv3sARSfuM/+Yu9Sw+DEDERQcNS/Hs=; b=uVNLnR1rP9b3LJ7/ZOmoPEFFtYxEcmvra5UUnUPPsAhLfVmQfvaqVC6dXdE4hHc87L 55eA6HVFneyY3ZIuicu/2jlvcXs3fv1gZzCpdyQAnW47lDkdmJko0zolZ72R3lLwKwNu UDUM6A7RuLlCogLlfSqmOOA7kJ6Rrt8I1jqxh8KpRSIRcWAyVu5ALyCbi+ia9G85bIXZ S0NQvhWKbhQNaKFzn1cJkpBgNtCcfTyUfqF95xtqhZG5AvJS7ZOre+sThyCwdOr1mPJx 63T0kz6Z4T8aVSXcTpnBrTpnfVeXUHQdgzu3A1/TGwqTrrOCCghsverk8UKHHxzPkR7N ZqRg==
X-Gm-Message-State: AGi0PubBPnEoMjOj3KKPvoChkJBEV+Ncmoc1k8mwudhnbBRKmt6+v4d2 9EZIxP4s+37htc7Pb7HEdNy/hMHhQHu5eurQbmvhhg==
X-Google-Smtp-Source: APiQypLBbyM1yeQZg+FP1r1EnzjxJTIQ9Ap5xXcPrvWI90EaClreZ9WIwUMcwK52U7cqAQdPHHdYW3t8EC3zoFcJe3M=
X-Received: by 2002:a4a:6505:: with SMTP id y5mr3455809ooc.67.1589162255719; Sun, 10 May 2020 18:57:35 -0700 (PDT)
MIME-Version: 1.0
References: <20200510184112.9643EF406D6@rfc-editor.org> <5806d2fa-4e1d-d2c9-a8dc-4452d6b3660b@si6networks.com>
In-Reply-To: <5806d2fa-4e1d-d2c9-a8dc-4452d6b3660b@si6networks.com>
From: Erik Kline <ek.ietf@gmail.com>
Date: Sun, 10 May 2020 18:57:24 -0700
Message-ID: <CAMGpriUPgd7W8m9UZog+vCvgqaZcVBMBmr=JYgHGVKSoD9Sxnw@mail.gmail.com>
Subject: Re: [Errata Rejected] RFC8200 (6003)
To: Fernando Gont <fgont@si6networks.com>
Cc: Bob Hinden <bob.hinden@gmail.com>, IPv6 List <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/3hLxSZ3bhLCbMZu0vf9JiHgfvKg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 May 2020 01:57:41 -0000
[ moved IESG and RFC Editor to bcc ]
> 1) Is the current state of the IPv6 standard that nodes listed in a
> Routing Header can insert, remove, process, or (more generally) mangle
> with the packet structure?
I think the text is pretty clear that the extent of the
"mangle-ability" is limited to HbHs and DOs between the IPv6 header
and the RH.
> 2) If that's the assumption, how does IPv6 operate with respect to
> AH, PMTUD, and error reporting? Allowing intermmediate nodes (such as
> those listed in a RH) can certainly break AH, PMTUD, and (ICMPv6) error
> reporting. Whereas nono of these core functionalities break if
> EH-mangling on the delivery path is forbidden -- as I personally think
> it is.
[AH]
If a router in the dest addr field attempted to alter a packet with an
AH, the implementation would be faced with a choice:
(a) break things such that AH validation detects the tampering (AH
is "working as intended"),
(b) only tamper with things that AH does not cover,
(c) don't tamper at all, or
(d) other: e.g., discard, punt to an SDN controller, phone a friend, ...
(b) and (c) would probably be better than (a). But there might be
uses for (a) and (d).
By analogy, perhaps we could consider the choice faced by by a NAT'ing
router implementation that receives an IPv4 packet with AH (though
perhaps there is specific guidance in a document somewhere for this
case -- I don't know). Regardless of behaviour in the presence of an
AH, "NAT's gonna NAT" when an AH is absent.
[ PMTUD ]
Header removal does not cause a PMTUD problem.
Header "swap", such that the IPv6 Payload Length remains unmodified,
does not cause a PMTUD problem.
Header insertion could cause a PMTUD, but there are some circumstances
where it also might not, i.e. if the router doing the insertion were
also the router forwarding onto a link where the MTU would be
exceeded: it could instead generate a PTB.
[ ICMPv6 error reporting ]
I called out this case in particular because I also think it could
complicate a sending node's implementation. However:
(a) the additional processing complexity is only incurred by sending
nodes that insert RHs ("no Routing Header, no cry"),
(b) if the ICMPv6 error originator filled the packet out to 1280
bytes per RFC 4443 S2.4 (c) then it seems possible that things could
all still work, and
(b) even RFC 4443 acknowledges that sometimes ICMPv6 error messages
just can't be properly processed; the 2nd paragraph of RFC 4443 S2.4
(d) is a partial list of when a node invokes the "shrug emoji handling
routine".
> 3) RFC8200 also contains the following text, as one of the intended
> clarifications:
>
> o Clarified that extension headers (except for the Hop-by-Hop
> Options header) are not processed, inserted, or deleted by any
> node along a packet's delivery path.
> ?
>
> If the argument is that nodes listed in a RH can mangle with EHs, then,
> in order for this sentence to make any sense, is your interpretation
> that the noes listed in a RH are not part of the packet delivery path?
This text you've excerpted is from Appendix B that summarizes changes
from RFC 2460. Its brevity elides *all* the truly relevant details in
the rest of the document and I fail to see how it can be used to
supersede the real, detailed text.
> 4) The very RH is specified as:
> 4.4. Routing Header
>
> The Routing header is used by an IPv6 source to list one or more
> intermediate nodes to be "visited" on the way to a packet's
> destination.
>
> Where there's no use of destination vs final destination -- indeed, this
> text implies that the "destination" is the final destination of the
> packet. In that light, why would one specific interpretation of one part
> of the current standard (RFC8200) be considered to override or take
> precedence over other parts of the standard? And, in particular, when
> one of such parts and interpretations break several protocol mechanisms,
> and the other doesn't?
Because, as has been stated, the text in Section 3 goes out of its way
to identify when the Destination Address field may not be that of the
ultimate destination, and Section 4 defines the node in the
Destination Address field as the one able to modify headers.
> 5) Based on a literal reading of RFC8200, the processing of a
> Destinations OPtions Header preceding a RH is not allowed. As such,
> should we also consider that nodes must ignore the DOH preceding a RH in
> IPv6 packets?
I'm afraid I don't quite follow you here. Section 4.1 discusses this
in detail, and note 1 identifies this use case explicitly.
Cheers,
-ek
- [Errata Rejected] RFC8200 (6003) RFC Errata System
- Re: [Errata Rejected] RFC8200 (6003) Fernando Gont
- Re: [Errata Rejected] RFC8200 (6003) Erik Kline
- Re: [Errata Rejected] RFC8200 (6003) JINMEI Tatuya / 神明達哉
- RE: [Errata Rejected] RFC8200 (6003) Xiejingrong (Jingrong)
- Spring Appeal and [Errata Rejected] RFC8200 (6003) Fernando Gont
- Re: Spring Appeal and [Errata Rejected] RFC8200 (… otroan
- Re: Spring Appeal and [Errata Rejected] RFC8200 (… Fernando Gont
- Re: Spring Appeal and [Errata Rejected] RFC8200 (… Erik Kline
- Re: Spring Appeal and [Errata Rejected] RFC8200 (… Fernando Gont
- Re: Spring Appeal and [Errata Rejected] RFC8200 (… Sander Steffann
- Re: Spring Appeal and [Errata Rejected] RFC8200 (… Robert Raszuk
- Re: Spring Appeal and [Errata Rejected] RFC8200 (… Sander Steffann
- Re: Spring Appeal and [Errata Rejected] RFC8200 (… Robert Raszuk
- Re: Spring Appeal and [Errata Rejected] RFC8200 (… Brian E Carpenter
- Re: Spring Appeal and [Errata Rejected] RFC8200 (… Lorenzo Colitti