IETF Logo Mail Archive

RE: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments

"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Fri, 19 November 2021 16:30 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D466D3A08A1 for <ipv6@ietfa.amsl.com>; Fri, 19 Nov 2021 08:30:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=boeing.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cTiP7KQkpNzO for <ipv6@ietfa.amsl.com>; Fri, 19 Nov 2021 08:30:17 -0800 (PST)
Received: from clt-mbsout-01.mbs.boeing.net (clt-mbsout-01.mbs.boeing.net [130.76.144.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A83653A0894 for <ipv6@ietf.org>; Fri, 19 Nov 2021 08:30:15 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by clt-mbsout-01.mbs.boeing.net (8.15.2/8.15.2/DOWNSTREAM_MBSOUT) with SMTP id 1AJGUDfN020102; Fri, 19 Nov 2021 11:30:13 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=boeing.com; s=boeing-s1912; t=1637339414; bh=gODq+z5Dj91v6mY9G4ghtrDXNZIL8+pO21/e0L0vKdg=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=VEfcb6vJlV9mzDk4UtLVfhrXtkV+i84pP3/05lqYB9Mvd+H4E342gdBly7HCxDEiB kw5WI8QuXa6HlszpEJAwoJlX6O4a1cAbT1hJMAu5W2BAeTBkql57AcErjzeUWzIa/P 4lGT3O96vvCY5vj4F9rStqXRz2us8iX8Gcpzg41nvzDC1pSNdwkvjUNP99jQD8slRa KmPb1sOE2dHUu6nj6S/PETf5+mtMf5tSLd6sOc8xqK6wEefpr8xxuqgsw2oX+Jndva OIbGfztBpoSiFtzW29ZubKNWrl9D1h0hBL1w22+15XORBdx25eahxnDnHD9KXasmDS KqRMm9+qRyjuQ==
Received: from XCH16-07-10.nos.boeing.com (xch16-07-10.nos.boeing.com [144.115.66.112]) by clt-mbsout-01.mbs.boeing.net (8.15.2/8.15.2/8.15.2/UPSTREAM_MBSOUT) with ESMTPS id 1AJGTxp0019711 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 19 Nov 2021 11:29:59 -0500
Received: from XCH16-07-10.nos.boeing.com (144.115.66.112) by XCH16-07-10.nos.boeing.com (144.115.66.112) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.14; Fri, 19 Nov 2021 08:29:58 -0800
Received: from XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5]) by XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5%2]) with mapi id 15.01.2308.014; Fri, 19 Nov 2021 08:29:58 -0800
From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: David Farmer <farmer@umn.edu>
CC: Mark Smith <markzzzsmith@gmail.com>, IPv6 List <ipv6@ietf.org>
Subject: RE: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments
Thread-Topic: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments
Thread-Index: AdfdWjAHT7wxdQZH70CXpjUTcxCIdQARlzsAABAJdlD//4kIgIAAhRpA
Date: Fri, 19 Nov 2021 16:29:58 +0000
Message-ID: <8e8538090c81414e8bc157c24569e4e4@boeing.com>
References: <01510cc3c19b4b4b8cef41357c975fd9@boeing.com> <CAO42Z2zitj2mOzj80G_SUfukg551A64n9HnOcC2-ukCta4Ohaw@mail.gmail.com> <986ef062d3874a3caf9fbf19dbf55350@boeing.com> <CAN-Dau35aE1Fh3r53NbTOmv3NaTXsmWfGiAkC1Nw2gc+4mZ0tw@mail.gmail.com>
In-Reply-To: <CAN-Dau35aE1Fh3r53NbTOmv3NaTXsmWfGiAkC1Nw2gc+4mZ0tw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [137.137.12.6]
x-tm-snts-smtp: 3B00FAFD168A25615F43B4F059DC785ADF510D8118FF9C5AE46105B430EACC002000:8
Content-Type: multipart/alternative; boundary="_000_8e8538090c81414e8bc157c24569e4e4boeingcom_"
MIME-Version: 1.0
X-TM-AS-GCONF: 00
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/H9XHw6EV2QdkfUipAjCeMGiwk4o>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Nov 2021 16:30:27 -0000

Read the documents

From: David Farmer [mailto:farmer@umn.edu]
Sent: Friday, November 19, 2021 8:26 AM
To: Templin (US), Fred L <Fred.L.Templin@boeing.com>
Cc: Mark Smith <markzzzsmith@gmail.com>; IPv6 List <ipv6@ietf.org>
Subject: Re: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments


EXT email: be mindful of links/attachments.




Well, then put it in your AERO/OMNI header, don't overload the fragmentation header with it.

On Fri, Nov 19, 2021 at 10:18 AM Templin (US), Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> wrote:
I am sorry Mark, but this is not AH – the AERO/OMNI identification mechanism
is modeled after the way TCP peers negotiate sequence number windows, with
the expectation that the peers may renegotiate sequence numbers frequently to
keep the attack surface unpredictable. Please do not make blanket statements
without reading documents.

Fred

From: Mark Smith [mailto:markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>]
Sent: Friday, November 19, 2021 7:53 AM
To: Templin (US), Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>>
Cc: Nick Hilliard <nick@foobar.org<mailto:nick@foobar.org>>; IPv6 List <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Subject: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments


EXT email: be mindful of links/attachments.





On Sat, 20 Nov 2021, 02:32 Templin (US), Fred L, <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> wrote:
Thanks Mark, but I don’t want AH; I want AERO/OMNI. I want the Identifications to serve
the dual purpose of supporting the fragmentation/reassembly process and providing an
in-window value that recipients can use to detect spurious packets. And, I want the same
mechanism used for packets of all sizes, up to and including jumbos.

AH + JG

Done. No reinventing wheels.


Fred

From: Mark Smith [mailto:markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>]
Sent: Thursday, November 18, 2021 4:11 PM
To: Templin (US), Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>>
Cc: Nick Hilliard <nick@foobar.org<mailto:nick@foobar.org>>; IPv6 List <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Subject: Re: Transmission of IPv6 Jumbograms as Atomic Fragments

On Fri, 19 Nov 2021, 07:12 Templin (US), Fred L, <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> wrote:
Nick,

> Do you have a use case in mind for the ID field?

Thank you for this timely question. I just got done posting a major update to the
draft, which now is titled: "IPv6 Packet Identification" and considers all forms of
IPv6 packets and not just Jumbograms. In answer to your question here is the new
Section 2 text from the draft (link provided below):

"2.  IPv6 Packet Identification

   When IPv6 sources and destinations have some way of maintaining
   "windows" of acceptable Identification values, the destination may be
   able to examine received packet Identifications to determine whether
   they likely originated from the source.

This seems to be describing the sequence number verification used in IPsec AH per RFC 4302.

It may be worth either just using AH as is, and getting all of its other benefits, or look at creating a simplified version of it rather than modifying the jumbogram EH to start duplicating existing AH functionality.

According to RFC 4302 there are a range of reserved SPI values (1 through 255), you could use one of those to indicate a light weight version of AH that just does packet identification, avoiding the need to set up Security Associations with IKE.

Regards,
Mark.

The AERO
   [I-D.templin-6man-aero] and OMNI [I-D.templin-6man-omni]
   specifications discuss methods for maintaining windows of
   unpredictable values that may reduce attack profiles in some
   environments."

Thanks, and here is the draft URL:

https://datatracker.ietf.org/doc/draft-templin-6man-jumbofrag/

Fred

> -----Original Message-----
> From: Nick Hilliard [mailto:nick@foobar.org<mailto:nick@foobar.org>]
> Sent: Thursday, November 18, 2021 9:16 AM
> To: Templin (US), Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>>
> Cc: IPv6 List <ipv6@ietf.org<mailto:ipv6@ietf.org>>
> Subject: Re: Transmission of IPv6 Jumbograms as Atomic Fragments
>
>
> Templin (US), Fred L wrote on 18/11/2021 15:23:
> > Bob, what I want is exactly the Identification field that is found in the Fragment Header
> > while simply leaving the rest of the fields of that header set to 0
>
> Do you have a use case in mind for the ID field?
>
> Nick

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------


--
===============================================
David Farmer               Email:farmer@umn.edu<mailto:Email%3Afarmer@umn.edu>
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

v2.23.0 | Report a Bug | By Email