RE: IPv6 header insertion in a controlled domain

Ron Bonica <rbonica@juniper.net> Mon, 09 December 2019 02:42 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5522012007C for <ipv6@ietfa.amsl.com>; Sun, 8 Dec 2019 18:42:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=kyJpquAl; dkim=pass (1024-bit key) header.d=juniper.net header.b=NYtgP8pD
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bgvNkygWiWk9 for <ipv6@ietfa.amsl.com>; Sun, 8 Dec 2019 18:42:45 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C32F12004A for <ipv6@ietf.org>; Sun, 8 Dec 2019 18:42:45 -0800 (PST)
Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xB92ghJJ012433; Sun, 8 Dec 2019 18:42:43 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=PPS1017; bh=dZ052eWPQZwGUkLL4MpajUF3V4D6Fofys+ZYd7/sAGQ=; b=kyJpquAlbxBFLVLNMJBsz2iYujHmevNz85z13AIYqUpyGp9d8Bp4p2JpVejm9BP9QbS0 IwRpO/y8DoyQWIB0e4d1IFqOoKHPFMa4921ifgCu1ZBKoC7IMZb8ALFuMN/iWrZWq/PF ImOnajVq5i5RA6ZkiEpb4X4O3em0/BOy+hSaTx2qneZGpCVag0Ll+5sM61Ei4QKoNhO+ FNS2/m2+a1+15dQIgj6a5izG/lzHwIRFtj3w1WYu6NbQ0W6Z9hW1Brd9aY+pwOEamyiH 1TwGECbWZWz6SB8rJGYsczKUlDTj9fniUU/UN4Rrt/U9FEU/UYphuN11bsgmvUT+1P/e oQ==
Received: from nam10-bn7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2107.outbound.protection.outlook.com [104.47.70.107]) by mx0b-00273201.pphosted.com with ESMTP id 2wravhsvte-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 08 Dec 2019 18:42:42 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QmIUvk7FkUj6/syUAGgr7sV0vric18ftUNPw5e8BExfDleRUxxWMwSdhm9auoWgTvTDJ5EqimMCse0Z3GD/vW6uvd57dOs+EDjRK/N2Je+GzN9JxUdOuIiNfmus0PX55e3A/jE1PtVuFcXGFzP/VrUDw9HmFC9o2GFGf6JfpFgKMMBmEIEGEVAuwzRdEXs13UD4ZgDd50OinejbbnGu7wYIs+hwPDS3CbtgR2eOIX7EAO83hOI1MxzVvuPw72UdHNmTThusQ4eN5e7OK1G2TXpi/FlsWcOZrYKYadYpdgLJhWbIVWOBi4JQTHPVPVsST9ho31PATpbw75z1b+FaG2w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dZ052eWPQZwGUkLL4MpajUF3V4D6Fofys+ZYd7/sAGQ=; b=MLs83QL2Au60/4090tHt5KOELnXX0Om7CIcTlZTAItPBDMjLc3zXYyUYj666NFyODGZ3VB0EThjjUYXMYYN6voMmaFxAVRNHIPYIRl77qWZqtjUfrPw7/G2SHuGozNXGSqizGKEGLVL51V5z09tfmyoXS2jXAdZVscarb8VYIcQxkLtYduGt1SYabgUeK9ljY+7a3zROOjLvqih8N86u6UtYUcpQmBb7f9UYIcCndLFlg7GBYXInt+/DiVEODt1nQiSd0rpq1Ogj0YfpM5dMP/wVhnamYTh6yccNJT/ZeLDdUf/VellDkgJ2XK24uefmRYE1sFeVfCUNQbddAUIXDw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dZ052eWPQZwGUkLL4MpajUF3V4D6Fofys+ZYd7/sAGQ=; b=NYtgP8pD4eUb4yKmcClNSBko2HuL6S2FxsqGULpcoH25YeKweMIX1Emb2AiQYY2QcfPOg3bpABsok43U1A8NuKVk3fm4O0lNl1zTxnTgXMsXahBXtoGXXXGnEbgDckP/8PnfjWvOEzMTB0IzJkjkvmZioGq8wjvsSY9V2pj90sk=
Received: from BN7PR05MB5699.namprd05.prod.outlook.com (20.176.28.88) by BN7PR05MB4401.namprd05.prod.outlook.com (52.133.223.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2516.8; Mon, 9 Dec 2019 02:42:41 +0000
Received: from BN7PR05MB5699.namprd05.prod.outlook.com ([fe80::185e:d297:6499:4987]) by BN7PR05MB5699.namprd05.prod.outlook.com ([fe80::185e:d297:6499:4987%7]) with mapi id 15.20.2516.003; Mon, 9 Dec 2019 02:42:41 +0000
From: Ron Bonica <rbonica@juniper.net>
To: Sander Steffann <sander@steffann.nl>, Ole Troan <otroan@employees.org>
CC: 6man WG <ipv6@ietf.org>
Subject: RE: IPv6 header insertion in a controlled domain
Thread-Topic: IPv6 header insertion in a controlled domain
Thread-Index: AQHVrall5CtMz008y0qdWVSa9J0j7aewW++AgAAK44CAAANjAIAAAkuAgAANoICAAAJuAIAADDUAgACP8OA=
Content-Class:
Date: Mon, 09 Dec 2019 02:42:41 +0000
Message-ID: <BN7PR05MB5699F86F6DF1F224DF4A6E32AE580@BN7PR05MB5699.namprd05.prod.outlook.com>
References: <CALx6S3588ja9AZzBQ0dqwx0j-ki6A5tusye+odQKPyAyF+hEww@mail.gmail.com> <10E890EA-3278-44EE-881E-EBC91D419587@employees.org> <88287cb0-c0c3-f990-4dd7-338df87c7fb2@joelhalpern.com> <4E76C386-FB1E-4E48-814D-BB626466BEE3@employees.org> <CAO42Z2ze7tmkGh=E-YrPuJHMeD8V6EuxgjjaJ33iz+Ms3abNsA@mail.gmail.com> <ED9B7C60-ACDE-4107-A121-AE2DAEA6B640@employees.org> <CABNhwV0EGiMaX0Qkyk+_zqZfiaAS_RP_ewVEctgdSnMuJ3MBPw@mail.gmail.com> <8AE06652-D6DB-444D-A8BB-7924181C83E4@employees.org> <CABNhwV1Ym5xtDY+vo8haaaObhMayE+ejkUbm4Sq9A5axCQwopA@mail.gmail.com> <160F2740-7571-44D9-8995-5D2F23989DF6@employees.org> <CABNhwV1Jdw3xwfGSJbQbF1e7ZtfL_pEsmSRC6KkRbdK+4EAygQ@mail.gmail.com> <B0BCB469-9152-43E1-BCEF-5C8A300F7EA2@employees.org> <DCE8F651-7BB7-4186-9599-5FC185900C7D@steffann.nl>
In-Reply-To: <DCE8F651-7BB7-4186-9599-5FC185900C7D@steffann.nl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=True; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Owner=rbonica@juniper.net; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2019-12-09T02:42:39.8940858Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=Juniper Business Use Only; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Application=Microsoft Azure Information Protection; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=4016f05f-e299-4a52-9a69-ac067a8b7295; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Extended_MSFT_Method=Automatic
dlp-product: dlpe-windows
dlp-version: 11.3.2.8
dlp-reaction: no-action
x-originating-ip: [108.28.233.91]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 78b8f900-3a2b-4e03-7b34-08d77c51761d
x-ms-traffictypediagnostic: BN7PR05MB4401:
x-microsoft-antispam-prvs: <BN7PR05MB440150C9497A530B4E9F8868AE580@BN7PR05MB4401.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 02462830BE
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(376002)(136003)(396003)(39860400002)(346002)(199004)(189003)(13464003)(66476007)(64756008)(66446008)(66946007)(66556008)(4744005)(229853002)(26005)(186003)(316002)(110136005)(9686003)(76116006)(86362001)(55016002)(478600001)(5660300002)(966005)(74316002)(52536014)(81166006)(8676002)(81156014)(33656002)(305945005)(8936002)(71200400001)(99286004)(71190400001)(2906002)(53546011)(6506007)(7696005)(4326008)(76176011)(102836004); DIR:OUT; SFP:1102; SCL:1; SRVR:BN7PR05MB4401; H:BN7PR05MB5699.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: dOClpj/MlVxVB64spgptSby7sQS8DEMSbGk78j8aZk5a8w28UwtZAyPVVslNqo/ojDlm14g/Uxb4HyfAsTzGPl9V89gXY3vaxnRHq/esPsLJEFysIuK8ZoOvMxEPSfS//L07LdKnxowmTRPStLnFjbTXv+VtEHxov7mCnKViJq20dnjsWtWGCk4NSBZonaUNs4Q+1D/z/eQe0lGv00os6EsFQ8pOF5zF2Baq4ODwzd1t+wsKbaiBmPzHz3MavBgL3SdtzshZI/6nqG+j+Ir3bYccCVh1BexFwf12NO9oT76Rm+LKYQQwLmajAZ7/b8DHs5V3SBPctQ2BYTUvv3MFaqc/kOo7gxXpNMzLmbqr9W1Re/v249zxTGJVUa0jQbpn+UeAnj6hmdZkvYESYahCt8HNl+vyG5f+9Ebi8Mb+Ae/RJRCPbCozKEw/41X5lBCWJ2MEqRvYHn2qJLSw2BGinA9h2NPwpIAjaPyYMeQnlioLLuZ8y/FQJiVzB4QtO5QFHrLaLy45FIs6qRzG8k4Om/nlqDhL/bkZflMidRZJqiM=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 78b8f900-3a2b-4e03-7b34-08d77c51761d
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Dec 2019 02:42:41.0324 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4LL7J31a8GHA8wRjUpOf+jPDywRwZ5paBSoHFflYCgqfjquA1gj15588yZ8iphS5Jz7PVG1ezbtRH1eiAvu6oQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR05MB4401
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,18.0.572 definitions=2019-12-08_07:2019-12-05,2019-12-08 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 lowpriorityscore=0 adultscore=0 spamscore=0 clxscore=1015 impostorscore=0 bulkscore=0 mlxscore=0 malwarescore=0 mlxlogscore=999 phishscore=0 suspectscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1912090023
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/CZi3NkVqLrS0SmqGVTPhrtt35xg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2019 02:42:47 -0000

See Section 7.5 of https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-26

                                                              Ron



Juniper Business Use Only

-----Original Message-----
From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Sander Steffann
Sent: Sunday, December 8, 2019 1:05 PM
To: Ole Troan <otroan@employees.org>
Cc: 6man WG <ipv6@ietf.org>
Subject: Re: IPv6 header insertion in a controlled domain

Hi,

> A more likely outcome is to declare that AH isn't supported in this case.

I don't think we should standardise any standard that has such a restriction, considering the importace of security these days. So if this is indeed the outcome I would consider that a blocker.

Cheers,
Sander