RE: icmpv6-v3 comments
Mukesh.Gupta@nokia.com Tue, 23 March 2004 15:54 UTC
Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA05207 for <ipv6-archive@odin.ietf.org>; Tue, 23 Mar 2004 10:54:53 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B5oEU-0000gw-Rq for ipv6-archive@odin.ietf.org; Tue, 23 Mar 2004 10:54:26 -0500
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i2NFsQhe002655 for ipv6-archive@odin.ietf.org; Tue, 23 Mar 2004 10:54:26 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B5oEU-0000gi-9k for ipv6-web-archive@optimus.ietf.org; Tue, 23 Mar 2004 10:54:26 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA05167 for <ipv6-web-archive@ietf.org>; Tue, 23 Mar 2004 10:54:22 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B5oER-0006Es-00 for ipv6-web-archive@ietf.org; Tue, 23 Mar 2004 10:54:23 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B5oDZ-00067B-00 for ipv6-web-archive@ietf.org; Tue, 23 Mar 2004 10:53:30 -0500
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1B5oCg-0005zM-00 for ipv6-web-archive@ietf.org; Tue, 23 Mar 2004 10:52:34 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B5oCA-0000Io-EN; Tue, 23 Mar 2004 10:52:02 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1B5oBm-0000EY-Lk for ipv6@optimus.ietf.org; Tue, 23 Mar 2004 10:51:38 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA04970 for <ipv6@ietf.org>; Tue, 23 Mar 2004 10:51:34 -0500 (EST)
From: Mukesh.Gupta@nokia.com
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B5oBk-0005oV-00 for ipv6@ietf.org; Tue, 23 Mar 2004 10:51:36 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B5oAf-0005es-00 for ipv6@ietf.org; Tue, 23 Mar 2004 10:50:30 -0500
Received: from mgw-x1.nokia.com ([131.228.20.21]) by ietf-mx with esmtp (Exim 4.12) id 1B5o9n-0005VS-00 for ipv6@ietf.org; Tue, 23 Mar 2004 10:49:35 -0500
Received: from esdks001.ntc.nokia.com (esdks001.ntc.nokia.com [172.21.138.120]) by mgw-x1.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i2NFnWA09091; Tue, 23 Mar 2004 17:49:32 +0200 (EET)
X-Scanned: Tue, 23 Mar 2004 17:50:54 +0200 Nokia Message Protector V1.3.21 2004031416 - RELEASE
Received: (from root@localhost) by esdks001.ntc.nokia.com (8.12.9/8.12.9) id i2NFosW7016215; Tue, 23 Mar 2004 17:50:54 +0200
Received: from mgw-int1.ntc.nokia.com (172.21.143.96) by esdks001.ntc.nokia.com 00UbC5js; Tue, 23 Mar 2004 17:47:42 EET
Received: from daebh002.NOE.Nokia.com (daebh002.americas.nokia.com [10.241.35.122]) by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i2NFk1s20286; Tue, 23 Mar 2004 17:46:01 +0200 (EET)
Received: from daebe009.NOE.Nokia.com ([10.241.35.109]) by daebh002.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Tue, 23 Mar 2004 09:45:53 -0600
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: icmpv6-v3 comments
Date: Tue, 23 Mar 2004 09:45:52 -0600
Message-ID: <8D260779A766FB4A9C1739A476F84FA401F799E1@daebe009.americas.nokia.com>
Thread-Topic: icmpv6-v3 comments
Thread-Index: AcQQDKqLdJC2RZycQBGHZaoMmbqfhgA24pUA
To: pekkas@netcore.fi
Cc: ipv6@ietf.org
X-OriginalArrivalTime: 23 Mar 2004 15:45:53.0545 (UTC) FILETIME=[EC913790:01C410ED]
Content-Transfer-Encoding: quoted-printable
Sender: ipv6-admin@ietf.org
Errors-To: ipv6-admin@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Id: IP Version 6 Working Group (ipv6) <ipv6.ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.4 required=5.0 tests=AWL, NO_REAL_NAME autolearn=no version=2.60
Content-Transfer-Encoding: quoted-printable
Content-Transfer-Encoding: quoted-printable
Pekka, comments inline.. > Well, if we conclude that those are required, maybe we have to use > draft-ietf-ipsec-rfc2402bis instead -- that's already been at IESG > evaluation so might not end up blocking the document. I think, we should use the latest drafts instead of the old RFCs. I will update this in the next draft. > PMTUD and Addr-arch would probably have to go on Informational > section, unless we conclude that they're too strong to be used here. I don't mind moving them to informational. Will do that in the next draft if no one has any objection to this. > > > > (c) If the message is a response to a message sent to > an address > > > that does not belong to the node, the Source > Address should be > > > that unicast address belonging to the node that > will be most > > > helpful in diagnosing the error. For example, if > the message is > > > a response to a packet forwarding action that > cannot complete > > > successfully, the Source Address should be a > unicast address > > > belonging to the interface on which the packet forwarding > > > failed. > > > > > > ==> not sure if this has been implemented, so the usability > > > of this generic rule seems questionable. > > > > Are you proposing to remove this ? > > Yes. > > (But if people think mentioning some optional behaviour > like this is a good idea, maybe it could be reworded/ > removed in the appendix as well.) I am fine with removing this. If anyone is interested in keeping this, please let me know. > > Actually, I wanted to keep the description of the codes in > the numerical > > order. If this description sounds confusing, could you > suggest how to > > re-word it such that it is clearer without moving the > descriptions of > > 4, 5 and 6 before this ? > > Maybe reword: > > If the reason for the failure to deliver can not be mapped > to any of the specific codes listed above, the Code field > is set to 3. > > to: > > If the reason for the failure to deliver can not be mapped > to any of other codes, the Code field is set to 3. > > ? Sounds good to me. > > > It SHOULD be possible for the system administrator to > configure a > > > node to ignore any ICMP messages that are not > authenticated using > > > either the Authentication Header or Encapsulating > Security Payload. > > > Such a switch SHOULD default to allowing > unauthenticated messages. > > > > > > ==> has this even been implemented anywhere? could maybe be > > > deleted? This is completely unpractical, e.g., just consider > > > PMTU packets -- there is no way you'll ever be able to set > > > up security associations with everyone in the Internet to be > > > able to accept the packets :) > > > > I completely agree with you that this is unpractical but it does > > make sense to a completely paranoid administrator. Whoever turns > > this option ON might not be interested in using PMTU. I don't > > see any harm in keeping it. We can make it a MAY from SHOULD. > > > > What say ?? > > OK -- I'm fine with putting it in as MAY, with some > additional text to describe its inherent problems, > e.g. like: > > Note that setting up Security Associations to deal with all the > required ICMP packets is a very difficult, if not even impossible, > task (e.g., consider the PMTUD packets) so typically this is does > not seem to be practical. I don't agree that it is completely impractical to use IPv6 without PMTUD. What about: Note that setting up Security Associations to deal with all the required ICMP packets is a very difficult task (e.g., consider the PMTUD packets). So PMTUD (and possibly some others) may not work if the node only allows authenticated ICMP packet. > > > > [PMTU] McCann, J., S. Deering, J. Mogul, "Path > MTU Discovery > > > for IP version 6", RFC1981, August 1996. > > > > > > [IPv6-SA] Kent, S., R. Atkinson, "Security > Architecture for the > > > Internet Protocol", RFC1825, November 1998. > > > > > > ==> These, and IPsec RFCs are PS's at the moment -- can't refer. > > > IPsec ones are being revised though, if that helps any. > > > > As I referred from the draft-ymbk-downref-01.txt, IPsec RFCs should > > be normative. So what should we do now ? > > > > Also should we refer to the old IPsec RFCs or we should refer to the > > updated ones ? If we want to refer to updated ones, how do we refer > > to them because they are still drafts. > > See above. Referring to drafts is OK as long as they don't create a > blockage when this work moves forward. As the docs are already at > IESG and this is not, this is (hopefully!) not a problem. Ok. Regards Mukesh -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- icmpv6-v3 comments Pekka Savola
- RE: icmpv6-v3 comments Mukesh.Gupta
- RE: icmpv6-v3 comments Pekka Savola
- RE: icmpv6-v3 comments Mukesh.Gupta
- RE: icmpv6-v3 comments Pekka Savola
- RE: icmpv6-v3 comments Mukesh.Gupta