IETF Logo Mail Archive

Re: [Technical Errata Reported] RFC8200 (5933)

Tom Herbert <tom@herbertland.com> Wed, 11 December 2019 15:51 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32AE5120B9C for <ipv6@ietfa.amsl.com>; Wed, 11 Dec 2019 07:51:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ukhy-1_T_IM9 for <ipv6@ietfa.amsl.com>; Wed, 11 Dec 2019 07:51:02 -0800 (PST)
Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1640120BA7 for <ipv6@ietf.org>; Wed, 11 Dec 2019 07:51:01 -0800 (PST)
Received: by mail-ed1-x52d.google.com with SMTP id c26so19799081eds.8 for <ipv6@ietf.org>; Wed, 11 Dec 2019 07:51:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=PlxHGfRAlWDKDQ35RncSWmHaaTi7gTxtXeaUZ0fkYgk=; b=iyWMqvIQk/+LiGVKiRXV+X+pWqOvfaSPbcM5tLoDQc070I1Q5aG5mh+Mxh2LyolVxp FxRS4p61/u706kI4VVjUMgM4cLlgGnSR9ByPMMNQyCMywYrbasc1lWYNQ3zYFz0zyZT5 6M+sHrM/292RVZhdJF0EaadSKQk0Us4q0fmc8suv18LbVHu/Wkc0iDTJCtHrFEEFaW0A 4uPWlAaiSzabH0Y4tFr/zeEIcadkeqLsUJI7FMlkszT7p+ANYMLTj1EEPv4pw/KKyDET 1T89tVIYZ5bmZFWcR0mOdzO2h5jwxWobmtojGMSrzBjaTJRNysi2biRyghe4WjLsQoKb 6gkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=PlxHGfRAlWDKDQ35RncSWmHaaTi7gTxtXeaUZ0fkYgk=; b=B7+jAa35yeUYSHYb8X7jeAF3SsuAYeaZF4pmoPStdzIJQRbMBK3aS5ZdCd1bn+kgXB qHBxgLGM/wcx09jy+U2JiZJtea1LGmXr4M3HbLdNNJKn4AIjNxEgoaDQs/TMs/97CsdV XgCmlGOpgiXj22P3jvTiNI68Xjoaw8tzJy9KHLSLVVFLxKsof6Vkd2t5pNxFu2JAhjdo ehyD6I+wIEYg5WH4h2EC6NgQ9R5oIdugXfjuYnPKx0l/1v5nF1TPKe40WNmLGdNXhhEp k6819lggGIQ1SBWxLoI4XYSrSF064jH68YwgABGSdQkOX1Hjk7lqdxF8XjB/Bjpca1jM L/jw==
X-Gm-Message-State: APjAAAVITjsbDm+KIifnui4On7RW1muhphLj2Tsh4Ww0GYrOUxb9DjID tvYvev6kniHqWuAGY87YN0t5h9wBOEYvl/jSGFtoJg==
X-Google-Smtp-Source: APXvYqzdXahupUQBbNdT9c0buhtW2+MMSm7YPxciCgCP3ErZrgOE8oL2Q/qb92NbVqLl/Ao4AqH0AumXHqzCRyYxARU=
X-Received: by 2002:a17:906:9615:: with SMTP id s21mr4059445ejx.20.1576079460195; Wed, 11 Dec 2019 07:51:00 -0800 (PST)
MIME-Version: 1.0
References: <20191211032724.46F77F406F3@rfc-editor.org> <468d4c89-d71f-5c7d-6929-8b1a88000df5@gmail.com>
In-Reply-To: <468d4c89-d71f-5c7d-6929-8b1a88000df5@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 11 Dec 2019 07:50:48 -0800
Message-ID: <CALx6S376jNUDDSQnguAAa_qZGQNzt=eQ_pnTH7V6U8d+cFFsTw@mail.gmail.com>
Subject: Re: [Technical Errata Reported] RFC8200 (5933)
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Cc: 6man <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/4jamy_OerniEfKSMw2u8ZDJzTE4>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Dec 2019 15:51:06 -0000

On Tue, Dec 10, 2019 at 11:44 PM Alexandre Petrescu
<alexandre.petrescu@gmail.com> wrote:
>
>
>
> Le 11/12/2019 à 04:27, RFC Errata System a écrit :
> > The following errata report has been submitted for RFC8200,
> > "Internet Protocol, Version 6 (IPv6) Specification".
> >
> > --------------------------------------
> > You may review the report below and at:
> > https://www.rfc-editor.org/errata/eid5933
> >
> > --------------------------------------
> > Type: Technical
> > Reported by: Fernando Gont <fgont@si6networks.com>
> >
> > Section: 4
> >
> > Original Text
> > -------------
> >     Extension headers (except for the Hop-by-Hop Options header) are not
> >     processed, inserted, or deleted by any node along a packet's delivery
> >     path, until the packet reaches the node (or each of the set of nodes,
> >     in the case of multicast) identified in the Destination Address field
> >     of the IPv6 header.
> >
> >     The Hop-by-Hop Options header is not inserted or deleted, but may be
> >     examined or processed by any node along a packet's delivery path,
> >     until the packet reaches the node (or each of the set of nodes, in
> >     the case of multicast) identified in the Destination Address field of
> >     the IPv6 header.  The Hop-by-Hop Options header, when present, must
> >     immediately follow the IPv6 header.  Its presence is indicated by the
> >     value zero in the Next Header field of the IPv6 header.
> >
> >
> > Corrected Text
> > --------------
> >     Extension headers (except for the Hop-by-Hop Options header, or a
> >     Destination Options header preceding a Routing header) are not processed,
> >     inserted, or deleted by any node along a packet's delivery path,
>
> packet delivery path, slow path... two very distinct concepts.  One is
> in the network with real cables, the other is in a chip or on a bus with
> copper on a printed board.
>
> >    until the
> >     packet reaches the final destination node (or each of the set of final
> >     destination nodes, in the case of multicast).
> >
> >     For packets that do not include a Routing Header, the final destination
> >     node is identified by the Destination Address field of the IPv6 header.
> >     For packets that include a Routing Header, the final destination node is
> >     identified by the Destination Address field of the IPv6 header only when
> >     the Segments Left field of the Routing Header is 0.
> >
> >     The Hop-by-Hop Options header is not inserted or deleted, but may be
> >     examined or processed by any node along a packet's delivery path,
> >     until the packet reaches the final destination node (or each of the set of
> >     final destination nodes, in the case of multicast). The Hop-by-Hop Options
> >     header, when present, must immediately follow the IPv6 header.  Its
> >     presence is indicated by the value zero in the Next Header field of the
> >     IPv6 header.
> >
> >     A Destination Options header preceding a Routing Header is not
> >     processed, inserted, or deleted by any node along a packet's delivery
> >     path, until the packet reaches the destination node (or each of the set
> >     of destination nodes, in the case of multicast) identified by the
> >     Destination Address field of the IPv6 header. This means that  a
> >     Destination Options header preceding a Routing Header will be
> >     processed by the first destination of the packet (specified by the
> >     Destination Address field of the IPv6 header at the origin node) and by
> >     each node listed in the Routing Header.
> >
> > Notes
> > -----
> > This errata clarifies two different issues:
> >
> > * It clarifies that nodes other than the final destination do not insert o remove extension headers.
>
> This final destination is somehow a strange concept.  It can be a
> computer node that owns several addresses.  But this is difficult with
> virtualization.  Owning one address is difficult to prove as well.
>
Agreed. This could also be contorted to mean that the lower part of
the stack in final destination node might be allowed to insert
extension headers in a packet before delivering to the application. I
think it's more direct to simply say that inserting or removing
extension headers is not allowed at any node. A source node creates
packet with them, it doesn't insert them. Similarly, the final
destination discards extension headers after processing them as part
of the normal terminal processing of the packet, it doesn't remove
them.

I suggest this text:

"The source node of a packet, identified by the source address, may
include extension headers in a packet when it is created. Extension
headers must not be inserted or removed, and the length of any
extension header must not be changed, by any node for the lifetime of
the IPv6 packet. Note that it follows from these requirements that the
length of an IPv6 packet cannot change once the packet has been
created by the source node.

Extension headers (except for the Hop-by-Hop Options header) must not
be processed by any node along a packet's delivery path, until the
packet reaches the final destination node (or each of the set of final
destination nodes, in the case of multicast).

For packets that do not include a Routing Header, the final
destination node is identified by the Destination Address field of the
IPv6 header. For packets that include a Routing Header, the final
destination node is identified by the Destination Address field of the
IPv6 header only when the Segments Left field of the Routing Header is
0.

The Hop-by-Hop Options header may be examined or processed by any node
along a packet's delivery path including the final destination node
(or each of the set of final destination nodes, in the case of
multicast). The Hop-by-Hop Options header, when present, must
immediately follow the IPv6 header. Its presence is indicated by the
value zero in the Next Header field of the IPv6 header.

A Destination Options header preceding a Routing Header must not
processed by any node along a packet's delivery path, until the packet
reaches the destination node (or each of the set of destination nodes,
in the case of multicast) identified by the Destination Address field
of the IPv6 header. This means that a Destination Options header
preceding a Routing Header will be processed by the first destination
of the packet (specified by the Destination Address field of the IPv6
header at the origin node) and by each node listed in the Routing
Header."

> In that sense, it would help to clarify the concept of 'final
> destination' by maybe using a tight relationship between an IP address
> and an identifier of a node.  Such an identifier could be a number in
> the BIOS, or something from a TPM or HSM (trust modules).
>
> Otherwise, I can still interpret that clarification as allowing
> intermediary nodes to insert/remove EHs.
>
> Alex
>
> >
> > * It clarifies that the Destination Options header preceding a routing header *is* processed along the
> >     packet delivery's path, but the node(s) identified by the Destination Address of the IPv6 header.
> >
> > Instructions:
> > -------------
> > This erratum is currently posted as "Reported". If necessary, please
> > use "Reply All" to discuss whether it should be verified or
> > rejected. When a decision is reached, the verifying party
> > can log in to change the status and edit the report, if necessary.
> >
> > --------------------------------------
> > RFC8200 (draft-ietf-6man-rfc2460bis-13)
> > --------------------------------------
> > Title               : Internet Protocol, Version 6 (IPv6) Specification
> > Publication Date    : July 2017
> > Author(s)           : S. Deering, R. Hinden
> > Category            : INTERNET STANDARD
> > Source              : IPv6 Maintenance
> > Area                : Internet
> > Stream              : IETF
> > Verifying Party     : IESG
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> >
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email