IETF Logo Mail Archive

Re: 6MAN WG Last Call: draft-ietf-6man-predictable-fragment-id-01

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 19 December 2014 19:19 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1410E1ACD68 for <ipv6@ietfa.amsl.com>; Fri, 19 Dec 2014 11:19:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oC7Y4cFbjYZp for <ipv6@ietfa.amsl.com>; Fri, 19 Dec 2014 11:19:19 -0800 (PST)
Received: from mail-pd0-x22c.google.com (mail-pd0-x22c.google.com [IPv6:2607:f8b0:400e:c02::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AE081A8FD4 for <ipv6@ietf.org>; Fri, 19 Dec 2014 11:19:19 -0800 (PST)
Received: by mail-pd0-f172.google.com with SMTP id y13so1761461pdi.17 for <ipv6@ietf.org>; Fri, 19 Dec 2014 11:19:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=GY5GPLN+4qGnXxNSBIl4n3+Z+wJC5XVQ9FC6YEMU9Qs=; b=YOsvNNFTCaCIhbckrzfCB3tTyf+yeubDD8hi2ZubbQQeiuAGy3myRAXhJ5pk3ynf2X ZNTqZrbUAmkYXJ/frDaVl5eqDX0L2pQ1d/S3BFho5J7LLpTq0sfderOpfjiVIzhmirso gwHbstB38VSa42ljFzDK8NwPFo6KNkhzJFOvA/SepqqRy3yesuG/DhBB9inyHdLDaaTe XeWvKXhs5wqsPIXOtkrPKJNgAWJOKlu/DC5THqBABIiHKV0D3GMP/88Yz66bN1x3mVUG D+OumGopkzgzQkIqRF/9o6oHGCC0fIlNMJpvJ38AZCPThnviLI0wbDCUvZAN2mIOE4yl EqCQ==
X-Received: by 10.68.132.103 with SMTP id ot7mr12997489pbb.0.1419016758546; Fri, 19 Dec 2014 11:19:18 -0800 (PST)
Received: from ?IPv6:2406:e007:7cab:1:28cc:dc4c:9703:6781? ([2406:e007:7cab:1:28cc:dc4c:9703:6781]) by mx.google.com with ESMTPSA id cf4sm10366062pbb.3.2014.12.19.11.19.15 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 19 Dec 2014 11:19:17 -0800 (PST)
Message-ID: <54947A40.8020409@gmail.com>
Date: Sat, 20 Dec 2014 08:19:28 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Fernando Gont <fgont@si6networks.com>
Subject: Re: 6MAN WG Last Call: draft-ietf-6man-predictable-fragment-id-01
References: <CC2EE99E-475C-4DB5-9E7F-ED00B4D48561@employees.org> <86F24DAC-C017-4D09-9431-0C33134B55C2@employees.org> <5486B2E1.4050507@si6networks.com> <54870E28.3010502@innovationslab.net> <5487378A.10007@si6networks.com> <54883E46.9020509@innovationslab.net> <5493E020.3010105@si6networks.com> <54941F8D.2050309@innovationslab.net> <5494563E.8000008@si6networks.com>
In-Reply-To: <5494563E.8000008@si6networks.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/KeoUE57OxdzfDd8xk10H4ikpipE
Cc: Brian Haberman <brian@innovationslab.net>, ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Dec 2014 19:19:21 -0000

Hi,

On 20/12/2014 05:45, Fernando Gont wrote:
> On 12/19/2014 09:52 AM, Brian Haberman wrote:
>>> That said, I'm not sure I follow what you say above. This
>>> document has a requirement that the IP ID must not be
>>> predictable, and
>>
>> How does one determine a value is not predictable?  How would the 
>> predictability of the IP ID value affect interoperability?
>>
>> Nothing that I see in this document impacts interoperability.
> 
> So... does that mean that the only kind of requirements that we can
> issue in protocol specs are those that affect interoperability?

There are precedents the other way, for example RFC 4941 specifies
algorithms for pseudo-random IIDs at SHOULD level, and RFC 7217 has a
MUST. But for the flow label (RFC 6437), we chose not to specify an
algorithm; we just specified that the values SHOULD be chosen from a
uniform distribution.

   Brian C

> 
> 
>>> implementation advice on how to achieve that. The current status
>>> of the ID is std track for the former, not for the later. As far
>>> as this document is concerned, RFC2460 could already be advanced
>>> on the stndards track, since there are at least four different
>>> and interoperable implementations: FreeBSD, OpenBSD, Linux, and
>>> OpenSolaris.
>>>
>>> While the (un)predicatability of the IP ID certainly does not
>>> affect interoperability, I guess the same applies to lots of
>>> other specs related to security (for instance, the choice of
>>> accepting a non-authenticated packet/chunk_of_data when
>>> authentication mechanisms are place probably does not affect
>>> interoperability.... yet we have plenty of these (for obvious
>>> reasons) in the corresponding specs).
>>
>> I think you are conflating issues here.  Authentication requires
>> both ends to use the same mechanism (hence the need for
>> interoperability since there are multiple authentication
>> mechanisms).
> 
> But once you are employing an auth method, there's the question of
> what to do if you receive an un-authenticated packet/chunk_of_data.
> The policy of dropping or accepting such a packet/chunk is one of
> security rather than of interoperability. But, for obvious reasons,
> you'd specify to drop such packets/chunks. If we just specify for
> interoperability, then this question would remain unaddressed.
> 
> 
> 
>>> That said, and as noted above, I have no issues with proceeding
>>> as you suggested if that's deemed as the right way to go.
>>
>> The WG needs to decide which way to go.
> 
> Yep.
> 
> Thanks!
> 
> Best regards,

v2.23.0 | Report a Bug | By Email