Re: I-D Action: draft-ietf-6man-oversized-header-chain-01.txt

Fernando Gont <> Tue, 17 July 2012 13:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5453121F86FD for <>; Tue, 17 Jul 2012 06:15:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id toKK1naqm6aM for <>; Tue, 17 Jul 2012 06:15:56 -0700 (PDT)
Received: from ( [IPv6:2a00:d10:2000:e::3]) by (Postfix) with ESMTP id A8A9421F86FC for <>; Tue, 17 Jul 2012 06:15:56 -0700 (PDT)
Received: from ([] helo=[]) by with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.76) (envelope-from <>) id 1Sr7dn-00066s-Nr; Tue, 17 Jul 2012 15:16:40 +0200
Message-ID: <>
Date: Tue, 17 Jul 2012 14:15:26 +0100
From: Fernando Gont <>
Organization: SI6 Networks
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: "Eric Vyncke (evyncke)" <>
Subject: Re: I-D Action: draft-ietf-6man-oversized-header-chain-01.txt
References: <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "" <>
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 17 Jul 2012 13:15:57 -0000

Hi, Eric,

Thanks so much for your feedback! -- Please find my comments inline...
On 07/17/2012 07:35 AM, Eric Vyncke (evyncke) wrote:
> As I said in Paris, very useful I-D which is really important for stateless firewalls (read switch ACL).
> Two minor comments:
> - section 2.0 I would also explicitly add ICMP in addition to UDP & TCP 

How about e.g. s/UDP/ICMPv6/, since, after all, "UDP" was just there as
an example? (I'd prefer to do this rather to add yet another protocol,
since it might lead people to think that the list is exhaustive.. when
it's not).

> (as ICMP is not really an upper-layer protocol as it is the control engine of the network layer)

>From the point of view of encapsulation, I view ICMP as an upper layer
protocol -- although it clearly provides a function at lower layers.

A similar example would be BGP, which is an "app" protocol, but provides
functions for the network layer.

> - not sure whether an upper-layer header could strictly be part on the IPv6 extension header chain (at least not per RFC 2460)

Well, I'd consider the upper-layer header being part of the "ipv6 header
chain" (*) since they are identified with the same namespace used for
extension headers.

(*) I've just skimmed through RFC 2460, and it doesn't mention/define
the term "header chain".

Two possible options:
1) Leave the doc "as is"

2) s/IPv6 header chain/header chain/
This one might address the issue you've raised, but then some might
argue that "the entire header chain could also mean that e.g. an
app-layer header should be included".

I'd rather stick with 1, but I'm certainly open to suggestions. Thoughts?

> Even as the I-D is, it is ready for WGLC IMHO


Best regards,
Fernando Gont
SI6 Networks
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492