[IPv6]draft-herbert-eh-inflight-removal-03
Sebastian Moeller <moeller0@gmx.de> Sat, 08 June 2024 19:46 UTC
Return-Path: <moeller0@gmx.de>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAB27C14EB1E for <ipv6@ietfa.amsl.com>; Sat, 8 Jun 2024 12:46:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.845
X-Spam-Level:
X-Spam-Status: No, score=-1.845 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zfTFwQQz9Bsh for <ipv6@ietfa.amsl.com>; Sat, 8 Jun 2024 12:46:30 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2197DC14EB17 for <ipv6@ietf.org>; Sat, 8 Jun 2024 12:46:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1717875988; x=1718480788; i=moeller0@gmx.de; bh=O2rD1K7VwYNh0XEelpOc42tqpGN+7tLq53GDDLKlhNU=; h=X-UI-Sender-Class:From:Content-Type:Content-Transfer-Encoding: Mime-Version:Subject:Message-Id:Date:To:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=N0TIsxaHNmDGykOtxCM6JJTIaG3QYa+T9To/WeDGcZ/mRKtunAFwYZAQ/XdXP49j wiYAcB/f4AYQ5c+wsWtW9T5nzntVFLkecTai28lomGdSIRAq/+GGxAcdoFk3LQyPz aMrF9fhoMDNAP88qv6V6WNtA5Y98lBiYDZ+7+ybA1Ujm7LOrBswl1ouQgLngjEvZ6 RwmB55rWZaBDqZLzIcutj2/tP35U/2D7fMR2e7vo13mXopnmXT6IuhfUHyY9yPVp9 2/HZwH9eBS6FM6N3trvS9pttI0rslM+tzwPNH27a6GdGoFC6c8brmrjNHl/Xmf6XF /j/B3pdGLrdHS0n9NA==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from smtpclient.apple ([77.10.185.195]) by mail.gmx.net (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1M59GA-1sEvYW1MNY-00H5HS for <ipv6@ietf.org>; Sat, 08 Jun 2024 21:46:28 +0200
From: Sebastian Moeller <moeller0@gmx.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.600.62\))
Message-Id: <0C70E8E1-B3BA-4FCB-9B15-939A4610D092@gmx.de>
Date: Sat, 08 Jun 2024 21:46:17 +0200
To: 6man <ipv6@ietf.org>
X-Mailer: Apple Mail (2.3774.600.62)
X-Provags-ID: V03:K1:CpWqG9/i683MAavjm9VSQnB9I74otr4yEBz02622/LrP+GaOmtN nT7luqU787TzHj6ixJ3PTUaytCvI1JXFWCuUqItKSSIoVZLCWOW/Fr9/Mhvr4vZTUO1Vias pwURuRYjQDihfH670QX4cuJE5L7nXvxkIv8luROYmeUyi8nujL64eslIw3+w/DXz4smt/cO BY9gNHs4IrioSuPzu1x6Q==
UI-OutboundReport: notjunk:1;M01:P0:JvGqgc/nPj0=;DldYcRZ+yM2/9z7rcRKGDtfnl9r U0/l/SaENw0sDHx8UgYKZPJmzK4LJmfZXnF+2saRL7ep1ytLQPhU2rb5H4QF/v7mUBw+g3FUo xanvdPhQTlih+s8zzy4Dq8EUXW9aYUPxH7hb5mOxpPlEGomWXUfICOcNXy6Soom16IEAITsVk WC8UYyXwYjrBjn3TQlI270TmPoDjvq1jQPFtcm1dieW7n3B7Q5rKJfXsKBUFKjkEEr6AvdqAC AxtAQDXv4v6znt2Uq+MmPwEikkZhqh72WizogqZyx6IXZFg6kvldoOfKjq7F1JFjPNJzO2OF+ /YsL4sEEAlYayvoM+9fD5gXmONsE8JbQcuvHyiYRvqZ78Glusfv0mTLEZbGwAudLRSNU1FQmW cua0vQLzJsbUVM4YTDt4yfSm5m36Koi8fw2Dkj2tBS8560+NLY9vxFXy5mHmRVB19E92pzvf+ yo9UvAvmHdGNxB7hOFvnapyV3XgLMpmbHT4GlvuBaH42NfdHlR75Ovk0gvMbEx+Qr0n02sP/H Tw8tMMtFJYG1Gbe6bN/BVMhA5mZgxcE4eBMyD+s0X95WIjfNd3VT+eFT26XSBZXvdZoHdTAGs lNGikN5L+RI9bQRmRAM9/5qBEg8LvgQoPGPBt57tE8t8BWoMyVg5AealWVLCgrNZnMoC12cUb eeW+m+0uMOg7GFeyJYuoQzcR4hJHSHiuyyUMmVyEm7D0VSBKH2ABzHLEQlfSpqDGjI3QfdhvQ 8agzvtdr8kz5EXnfaPdgtTicQ9gbtwhRlo984Vn0jESB9qZ2CcU3/BodFBzia3H7FFLbAHPB5 8OpcHPcPVT4fduUSQHm8JmIBn0LUYH6SX/BMRonkIgNgc=
Message-ID-Hash: RN6AMO5XQHWGMZ6YG2UFSQ4Z2Z3W4AU7
X-Message-ID-Hash: RN6AMO5XQHWGMZ6YG2UFSQ4Z2Z3W4AU7
X-MailFrom: moeller0@gmx.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ipv6.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [IPv6]draft-herbert-eh-inflight-removal-03
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Bub_BtKYrgp42cMOFCFCS3CuylM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Owner: <mailto:ipv6-owner@ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Subscribe: <mailto:ipv6-join@ietf.org>
List-Unsubscribe: <mailto:ipv6-leave@ietf.org>
Here are my questions from reading this draft (prefixed [SM])... Top level: Seems self-consistent and (potentially) useful, but will interfere with my interpretation of the end to end principle. This might still a pragmatic compromise to make EHs usable over the internet (and without usage nothing is going to improve in regards to EHs I guess). Commenting on: https://datatracker.ietf.org/doc/html/draft-herbert-eh-inflight-removal-03 Another drawback is information exposure. If the network provides the addresses of egress routers to hosts then it is divulging network topology information that could be considered a security risk. [SM] But isn't this already discoverable by playing TTL games a la traceroute? Encapsulation is complex from a host implementation point of view. An IPinIP encapsulation adds at least forty bytes of overhead to the packet which reduces the effective MTU for the application and requires special end host processing that may be prohibitive on low end devices [SM] Isn't the same true for removing EHs? Unless all paths using these use sufficiently larger MTU... or is the argument that the sender will already know since it is originating the extension headers? The secondary purpose for removing extension headers in-flight is to avoiding leaking information outside of a limited domain. [SM] This feels a bit like a straw-man argument, if information leakage is considered problematic, don't use effectively 'in-band' signalling... The packet does not contain an Authentication header. If the packet contains and Authentication header then the Hop-by-Hop Options header MUST NOT be removed [SM] Can the endpoints actually detect that condition? If no the MUST seems mostlty decorative, if yes why not have the enpoints take matters into their own hands instead of using hopes and prayers some other node will be handling this? I might have a naive interpretation of the meaning and utility of MUST... Copying the IPv6 Header Extension header removal can be accomplished by performing a data copy of the IPv4 header (forty bytes) to the offset after the extension header being removed minus forty bytes. [SM] The explicit IPv4 seems to be a typo, no? Regards Sebastian
- [IPv6]draft-herbert-eh-inflight-removal-03 Sebastian Moeller