Re: Next steps on Extension Header Insertion
Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 03 November 2016 19:36 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAFED1295E0 for <ipv6@ietfa.amsl.com>; Thu, 3 Nov 2016 12:36:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xWhq_nhdj-j4 for <ipv6@ietfa.amsl.com>; Thu, 3 Nov 2016 12:36:30 -0700 (PDT)
Received: from mail-pf0-x233.google.com (mail-pf0-x233.google.com [IPv6:2607:f8b0:400e:c00::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F492129431 for <ipv6@ietf.org>; Thu, 3 Nov 2016 12:36:30 -0700 (PDT)
Received: by mail-pf0-x233.google.com with SMTP id i88so36418144pfk.2 for <ipv6@ietf.org>; Thu, 03 Nov 2016 12:36:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=M0SBLYIYn2KEcMzJEy6534dmpSP47sEGyu451tkC02M=; b=K9/tASuPXZSLtUeWM/mnMlK1uGIFO/q++I3/Whyf5JPi1RlOBFFXEoMfE5R1qVTabY 3gDzC7u50C1GzhGVS5npJ9ZNbOvTpwH/ZplZK/GpiXXQE0699d7QnaL1fSM5os7q5DFi nNIggs9ZZRvzeH3/LtzlvCzq40X+bjpr7Mz6sANMStI2H2W9eU/hqBKG6zkpdLP7bTSJ Z/q++HlPyQ0mZK7tVKvpTfUpiO97dJPD6OsL67t8pq+nT09nsGzwf0FtiJ/3bYPH3a6r lfBOKn73cYVlhH5HajQd/TM9/r4r6n3XLwBtbpwO6JL+odAUrnCiyY7/FfOh0og4qVHg GDGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=M0SBLYIYn2KEcMzJEy6534dmpSP47sEGyu451tkC02M=; b=CCvUo5q4bfM/JpP8y3XThWpN/BXkzTYX/YKLwQh0EHJ+PNPnfTqd6uJhPRSIKndS1r GLGsLEALw157J6GFdxQGMOlwFKibrhv0nlKg/RRtxkM7szBC4gY3MIdGij/urU8VY0F9 xYy5s1PqobNG2lcWoLyz80aQXWqBY445KFvZnF8tsnqUQ/97lXFNeRr9Lan1ZyJeXGZ0 x9G/YwerCZ76NaVvTtNq1S+9/7GUYieFFJWokLJKGGm9J0FC4sAKd7gRvP74Ea29p1cU W9obZN39ozmk5qUCF8pqqWQGF4+uoz1SOYpv3g6+B5zdW/EhZo21uZqD5kJE/Pt7sJKU /rtg==
X-Gm-Message-State: ABUngvduVtsG5I8XieT7qVH6bbZOE/XxAh+Y++rhp0kSvIDJKwemqUZM/4i5XFRnSyynPw==
X-Received: by 10.98.70.150 with SMTP id o22mr19767754pfi.134.1478201789699; Thu, 03 Nov 2016 12:36:29 -0700 (PDT)
Received: from [192.168.178.23] ([118.148.73.28]) by smtp.gmail.com with ESMTPSA id vl10sm8182596pab.19.2016.11.03.12.36.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 03 Nov 2016 12:36:29 -0700 (PDT)
Subject: Re: Next steps on Extension Header Insertion
To: Sander Steffann <sander@steffann.nl>, otroan@employees.org
References: <B291E9E6-A803-423F-BFA5-87A74DCFB784@gmail.com> <dfe00826-1bcd-80ae-e6dc-7763c506cbe4@si6networks.com> <9CA73891-B4FA-47DF-82E1-A4867DBC6A3F@steffann.nl> <3C56AA77-18E4-4254-BB6A-A447CE115392@employees.org> <CAG6TeAtJdUua3saSGz0SX7DW6hwf74yAexpnfYoP1bg6v1eywA@mail.gmail.com> <17984D1D-1A3C-4AA5-B2EC-BE5C645A272C@steffann.nl> <369FB219-9979-43CE-B83D-D7C422FC7711@employees.org> <53FE6D80-040F-42DA-BA51-F3A40ABF248F@steffann.nl> <5FA646CC-DD40-4D20-A6C5-AF1D5D90E563@employees.org> <7010E4D5-2A0E-4358-AD76-9996004ED642@steffann.nl>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <895e153b-ec5c-9f7a-4a5a-31cb7ddc8cc0@gmail.com>
Date: Fri, 04 Nov 2016 08:36:34 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <7010E4D5-2A0E-4358-AD76-9996004ED642@steffann.nl>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/9gI3_G2xl5AgLDKg-XQ2xLEELEM>
Cc: Fernando Gont <fgont@si6networks.com>, Bob Hinden <bob.hinden@gmail.com>, 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2016 19:36:32 -0000
On 04/11/2016 02:11, Sander Steffann wrote:
> Hi,
>
>> What you are saying is something like:
>>
>> "The IPv6 header fields described as immutable in RFC4302 MUST NOT be changed by the network. If within an administrative domain any of the immutable fields are changed, they MUST be restored on exit from the domain."
>>
>> Correct?
>
> Yes, thank you for coming up with a good short bit of text. As RFC4302 defines the next-header field as immutable that would lock down the EH chain,
Yes but... I understand that AH is more or less deprecated by the security community.
So while it has correctly identified what needs to be immutable, I'm not sure it's
a sound basis for a general requirement (much as I agree with that requirement).
Also, when we tried to write text for the flow label about restoring it on exit
from a domain, we were pretty much told to go away and stop being silly.
Brian
>
>> Cheers,
>> Ole
>>
>> PS: As an operator would you be happy if I sent packets with NH=59, SA=:: with an integrity check covering all fields apart from the HLIM field, and everything else beyond the IPv6 header (40 bytes) was encrypted?
>
> Hmmmmm. Interesting question. As a network operator I'd probably drop that packet because of BCP38. As a security engineer I would be scratching my head and wondering what was going on. But effectively the payload wouldn't be that different from ESP...
>
> Cheers,
> Sander
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
- Next steps on Extension Header Insertion Bob Hinden
- Syntax glitch [Re: Next steps on Extension Header… Brian E Carpenter
- Re: Syntax glitch [Re: Next steps on Extension He… Bob Hinden
- Re: Syntax glitch [Re: Next steps on Extension He… Mark Smith
- Re: Syntax glitch [Re: Next steps on Extension He… otroan
- Re: Next steps on Extension Header Insertion 神明達哉
- Re: Next steps on Extension Header Insertion Bob Hinden
- Re: Next steps on Extension Header Insertion 神明達哉
- Re: Next steps on Extension Header Insertion Fred Baker
- Re: Next steps on Extension Header Insertion Fernando Gont
- Re: Next steps on Extension Header Insertion 神明達哉
- Re: Next steps on Extension Header Insertion Sander Steffann
- Re: Next steps on Extension Header Insertion Jan Zorz - Go6
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Mark Smith
- Re: Next steps on Extension Header Insertion otroan
- Reminder, poll on header insertion closes soon Bob Hinden
- Re: Next steps on Extension Header Insertion Fernando Gont
- RE: Next steps on Extension Header Insertion mohamed.boucadair
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Tim Chown
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Sander Steffann
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Sander Steffann
- Re: Next steps on Extension Header Insertion Jan Zorz - Go6
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Sander Steffann
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Sander Steffann
- Re: Next steps on Extension Header Insertion Mark Smith
- Re: Next steps on Extension Header Insertion Brian E Carpenter
- Re: Next steps on Extension Header Insertion Brian E Carpenter
- Re: Next steps on Extension Header Insertion Mark Smith
- Re: Next steps on Extension Header Insertion Tim Chown
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion Fernando Gont
- Re: Next steps on Extension Header Insertion Fernando Gont
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion Mark Smith
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion Brian E Carpenter
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion 神明達哉
- Re: Next steps on Extension Header Insertion Brian E Carpenter
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion Tim Chown