RE: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> (Implications of Oversized IPv6 Header Chains) to Proposed Standard
"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 11 October 2013 15:36 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DB0B11E8235; Fri, 11 Oct 2013 08:36:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.388
X-Spam-Level:
X-Spam-Status: No, score=-6.388 tagged_above=-999 required=5 tests=[AWL=0.211, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XQQCUfrh1Zty; Fri, 11 Oct 2013 08:36:05 -0700 (PDT)
Received: from stl-mbsout-02.boeing.com (stl-mbsout-02.boeing.com [130.76.96.170]) by ietfa.amsl.com (Postfix) with ESMTP id EFF8011E821F; Fri, 11 Oct 2013 08:36:04 -0700 (PDT)
Received: from stl-mbsout-02.boeing.com (localhost.localdomain [127.0.0.1]) by stl-mbsout-02.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with ESMTP id r9BFa3O7009490; Fri, 11 Oct 2013 10:36:04 -0500
Received: from XCH-NWHT-11.nw.nos.boeing.com (xch-nwht-11.nw.nos.boeing.com [130.247.25.114]) by stl-mbsout-02.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id r9BFZu2i009356 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Fri, 11 Oct 2013 10:36:03 -0500
Received: from XCH-BLV-305.nw.nos.boeing.com (130.247.25.217) by XCH-NWHT-11.nw.nos.boeing.com (130.247.25.114) with Microsoft SMTP Server (TLS) id 8.3.327.1; Fri, 11 Oct 2013 08:36:00 -0700
Received: from XCH-BLV-504.nw.nos.boeing.com ([169.254.4.85]) by XCH-BLV-305.nw.nos.boeing.com ([169.254.5.85]) with mapi id 14.03.0158.001; Fri, 11 Oct 2013 08:36:00 -0700
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Fernando Gont <fgont@si6networks.com>, Ray Hunter <v6ops@globis.net>, "brian.e.carpenter@gmail.com" <brian.e.carpenter@gmail.com>
Subject: RE: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> (Implications of Oversized IPv6 Header Chains) to Proposed Standard
Thread-Topic: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> (Implications of Oversized IPv6 Header Chains) to Proposed Standard
Thread-Index: AQHOxlzzebc9KTehbEGO6mhunuAlj5nvofSw
Date: Fri, 11 Oct 2013 15:36:00 +0000
Message-ID: <2134F8430051B64F815C691A62D9831812C120@XCH-BLV-504.nw.nos.boeing.com>
References: <20131002185522.20697.96027.idtracker@ietfa.amsl.com> <2134F8430051B64F815C691A62D9831811AEFC@XCH-BLV-504.nw.nos.boeing.com> <2134F8430051B64F815C691A62D9831811BDD3@XCH-BLV-504.nw.nos.boeing.com> <9300F272-E282-41C3-9DA8-59134B975FC7@employees.org> <9e33a47bb2834c15ba4269ae8c79c46f@BLUPR05MB433.namprd05.prod.outlook.com> <2134F8430051B64F815C691A62D9831811EB23@XCH-BLV-504.nw.nos.boeing.com> <D1F5CE61-253E-4F07-AED1-4A4AB4C4AB68@employees.org> <2134F8430051B64F815C691A62D9831811EE66@XCH-BLV-504.nw.nos.boeing.com> <E29381FD-C839-4DBA-8711-3A4EBA83E379@employees.org> <2134F8430051B64F815C691A62D9831811EF1C@XCH-BLV-504.nw.nos.boeing.com> <5255D6EE.4050300@gmail.com> <2134F8430051B64F815C691A62D9831811F688@XCH-BLV-504.nw.nos.boeing.com> <5257AD5E.9090806@globis.net> <5257B870.1060003@si6networks.com>
In-Reply-To: <5257B870.1060003@si6networks.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.247.104.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: disable
Cc: 6man Mailing List <ipv6@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Oct 2013 15:36:11 -0000
Hi Fernando, > -----Original Message----- > From: Fernando Gont [mailto:fgont@si6networks.com] > Sent: Friday, October 11, 2013 1:36 AM > To: Ray Hunter; Templin, Fred L; brian.e.carpenter@gmail.com > Cc: 6man Mailing List; ietf@ietf.org > Subject: Re: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> > (Implications of Oversized IPv6 Header Chains) to Proposed Standard > > On 10/11/2013 04:48 AM, Ray Hunter wrote: > > > > I think the draft does what it can in a pragmatic manner, but might > > benefit from some acknowledgement that this security approach of > > applying parsing at a single perimeter can never ever catch all > variants > > of transporting FOO over BAR. > > FWIW, my idea of the I-D is that it says "look, if you don't put all > this info into the first fragment, it's extremely likely that your > packets will be dropped". That doesn't mean that a middle-box may want > to look further. But looking further might imply > reassemble-inspect-and-refragment... or even reassemble the TCP stream > (e.g. think about a SSL/TCP-based VPN...) We definitely don't want that. That is why we would prefer for the entire header chain (starting from the outermost IP header up to and including the headers inserted by the original host) to fit within the first fragment even if there are multiple encapsulations on the path. Thanks - Fred fred.l.templin@boeing.com > Cheers, > -- > Fernando Gont > SI6 Networks > e-mail: fgont@si6networks.com > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 > > >
- Last Call: <draft-ietf-6man-oversized-header-chai… The IESG
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ole Troan
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Ronald Bonica
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ole Troan
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ole Troan
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Brian E Carpenter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: RE: Last Call: <draft-ietf-6man-oversized-hea… Ray Hunter
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: RE: Last Call: <draft-ietf-6man-oversized-hea… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ray Hunter
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Brian E Carpenter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Brian E Carpenter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Ronald Bonica
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Brian E Carpenter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ray Hunter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ray Hunter
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Ole Troan
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- Re: Last Call: <draft-ietf-6man-oversized-header-… Fernando Gont
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L
- RE: Last Call: <draft-ietf-6man-oversized-header-… Templin, Fred L