IETF Logo Mail Archive

Re: I-D Action: draft-smith-6man-in-flight-eh-insertion-harmful-00.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 12 October 2019 22:15 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E161C12002E for <ipv6@ietfa.amsl.com>; Sat, 12 Oct 2019 15:15:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7OoobAFk_l-3 for <ipv6@ietfa.amsl.com>; Sat, 12 Oct 2019 15:15:13 -0700 (PDT)
Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E7C21200B2 for <ipv6@ietf.org>; Sat, 12 Oct 2019 15:15:13 -0700 (PDT)
Received: by mail-pf1-x42b.google.com with SMTP id y22so8179191pfr.3 for <ipv6@ietf.org>; Sat, 12 Oct 2019 15:15:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=cTozBuWL0tASCw5j6ewokJEbMrZsFklNJeO3oL6Hc+c=; b=WOQ+nzo9FehnijKdis5hV6ly3yFRteVQWb3W1xdB08ZN8BAzf5oDnbYK4XeeBgnq78 yPRZ41FSAwiSuqpyDTvfjMOjJdyb0w+SKliw/BG5YssB1GLXMDJ7QxnTzAzo1NcvQ+CZ hfQS/ip/HeWrH8xwtFlGz7f9dvn3e6HIREuHDvsoiO32/jAjjVAr66jNhDrZnOARNDDz trHlQOV2OCLWsmEQtopg2gxx/H6vRAGeth+WGEUovgHYqIg/qYM03gyZINQxizEsnE0o eISG1VeVswcH8Iq+4oxhog1InhWutsJXX4enV89yHnWho0AJaom8osgKy33zMBMUqgvf AOlA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=cTozBuWL0tASCw5j6ewokJEbMrZsFklNJeO3oL6Hc+c=; b=Tic13+ShhBu1HiIIui8YSeNwwUk9xAXsXHZAbOgozDQCuV3BgiERkrh2pB3/FdDeSJ Ol2lFozt8HSLFHwjXoVtNEhIzqmoWalDl36fR1ZHEZhj7AMuRrZLI1WlwtPOzXWB2GrX WcTLKiGyrp5ZREjTdWZgP9GZEmxkrYQuCorgORzno+zvBoySlxu3oOGRrJfwAySxHAS6 YzdDOyzIuI5KLn91RVHhcGNqpaIcpKmmsVt6tiMsgekYd6bjYRDLp/36ZiKkZvQGe9AG LRw+nTYyGcSa2csolnybzBBckaPzDpS3SC+o8qpV7hvsTciv5h8zNmbnbfpOsdzzpY6q kTvw==
X-Gm-Message-State: APjAAAW9Q313EYJL0HFREYKYX1onkN8f09m9GKaKtZrRAXi1lagYo5oW u6EvR+HH4Gvd6qmToaR7p/HyYJou
X-Google-Smtp-Source: APXvYqzmffUP24st1TOzhgVjjBxtucrMNID5XS3L9J1UC7j/Hv2rn547PmJwsvLo0q1KlfwyncK2wA==
X-Received: by 2002:a17:90a:8048:: with SMTP id e8mr27005972pjw.0.1570918512524; Sat, 12 Oct 2019 15:15:12 -0700 (PDT)
Received: from [192.168.178.30] (233.148.69.111.dynamic.snap.net.nz. [111.69.148.233]) by smtp.gmail.com with ESMTPSA id y10sm11898763pfe.148.2019.10.12.15.15.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 12 Oct 2019 15:15:11 -0700 (PDT)
Subject: Re: I-D Action: draft-smith-6man-in-flight-eh-insertion-harmful-00.txt
To: Mark Smith <markzzzsmith@gmail.com>
References: <157059901123.30422.11220423219059958820@ietfa.amsl.com>
Cc: 6man <ipv6@ietf.org>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <362b80f7-fedc-7227-2931-0006e6b81812@gmail.com>
Date: Sun, 13 Oct 2019 11:15:08 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <157059901123.30422.11220423219059958820@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/IkWd3NF-Yx2LAZlLO5zPy-PHLYY>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Oct 2019 22:15:16 -0000

Hi Mark,

As you have no doubt seen, the active proposal for EH insertion (draft-voyer-) states that the source and destination addresses of packets subject to insertion both lie within a controlled domain. Now while draft-carpenter-limited-domains calls for secure mechansims for determining whether a node is inside or on the border of a domain, it seems to me that address scope (and therefore routing scope) is today the state of the art for that. Of course you're correct that configured scope is subject to human error, but that already has very serious consequences, especially BGP misconfigurations. I think that draft-voyer-6man-extension-header-insertion-07 (not the earlier versions) is resistant to your arguments. It certainly does not describe the use case you give at https://tools.ietf.org/html/draft-smith-6man-in-flight-eh-insertion-harmful-00#section-3 .

EH insertion for packets that traverse the open Internet is certainly harmful and violates RFC 8200. draft-voyer-6man-extension-header-insertion-07 does not propose that.

Regards
   Brian Carpenter

On 09-Oct-19 18:30, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> 
> 
>         Title           : In-Flight IPv6 Extension Header Insertion Considered Harmful
>         Author          : Mark Smith
> 	Filename        : draft-smith-6man-in-flight-eh-insertion-harmful-00.txt
> 	Pages           : 10
> 	Date            : 2019-10-08
> 
> Abstract:
>    In the past few years, as well as currently, there have and are a
>    number of proposals to insert IPv6 Extension Headers into existing
>    IPv6 packets while in flight.  This contradicts explicit prohibition
>    of this type of IPv6 packet proccessing in the IPv6 standard.  This
>    memo describes the possible failures that can occur with EH
>    insertion, the harm they can cause, and the existing model that is
>    and should continue to be used to add new information to an existing
>    IPv6 and other packets.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-smith-6man-in-flight-eh-insertion-harmful/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-smith-6man-in-flight-eh-insertion-harmful-00
> https://datatracker.ietf.org/doc/html/draft-smith-6man-in-flight-eh-insertion-harmful-00
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>

v2.23.0 | Report a Bug | By Email