Re: I-D Action:draft-ietf-6man-exthdr-01.txt
Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 03 January 2011 21:23 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E42123A6C42 for <ipv6@core3.amsl.com>; Mon, 3 Jan 2011 13:23:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.421
X-Spam-Level:
X-Spam-Status: No, score=-103.421 tagged_above=-999 required=5 tests=[AWL=0.178, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rp7J2sVPeTyL for <ipv6@core3.amsl.com>; Mon, 3 Jan 2011 13:23:22 -0800 (PST)
Received: from mail-ey0-f172.google.com (mail-ey0-f172.google.com [209.85.215.172]) by core3.amsl.com (Postfix) with ESMTP id C5C413A6C41 for <ipv6@ietf.org>; Mon, 3 Jan 2011 13:23:21 -0800 (PST)
Received: by eyd10 with SMTP id 10so5878443eyd.31 for <ipv6@ietf.org>; Mon, 03 Jan 2011 13:25:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :organization:user-agent:mime-version:to:cc:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=tM/VsmoIxMhqwkuqV8juyeoXjxhP9Xw5D9P7kKdysDA=; b=a3TNJv5bcpFtFzH70NnUW+xfz7IlaCKPCxt4MtFIQHbuNb7wZQWxlpyUGpFmZr0wvm 9UaJYnas7Ri1CClypaO/uTVn6pvgwSD8Dez1DUn/39Ij/r5ih9BJzZlX5DDp0rpjAW33 aa/A0SdKFW1r+Kbz6l+0RI08CyawjinttYuTQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=Lf5APlZipVddF/PJE1KDS/gd3MV+vkhNaW9DprzBejoYqLcplf9f4qewPgHQ6KZlGH j3MjLNUCRlfQYbaqw+MGua1CrUcAXCFaKMpz+ryxEMGRTS4uM+P5SgXrvDeVZMwS2/ZE 2TkkqlZqU+///lAyoe3xfsdIQMjStFeLh74lU=
Received: by 10.213.26.74 with SMTP id d10mr17360110ebc.61.1294089928306; Mon, 03 Jan 2011 13:25:28 -0800 (PST)
Received: from [10.1.1.4] ([121.98.190.33]) by mx.google.com with ESMTPS id x54sm15109515eeh.17.2011.01.03.13.25.24 (version=SSLv3 cipher=RC4-MD5); Mon, 03 Jan 2011 13:25:27 -0800 (PST)
Message-ID: <4D223EC0.7020906@gmail.com>
Date: Tue, 04 Jan 2011 10:25:20 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Thomas Narten <narten@us.ibm.com>
Subject: Re: I-D Action:draft-ietf-6man-exthdr-01.txt
References: <20101217234501.11691.81147.idtracker@localhost> <AANLkTi=Lr_4zOd=-DrAxic_t_o0MvyOoWPYmiktZZod2@mail.gmail.com> <63416880-97B6-4CE4-864A-1402DA977B5F@tony.li> <AA183326-2E70-4A23-83A7-9F96131ADFF4@tony.li> <4D113364.3050105@ericsson.com> <201101032040.p03KeE86005244@cichlid.raleigh.ibm.com>
In-Reply-To: <201101032040.p03KeE86005244@cichlid.raleigh.ibm.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: "ipv6@ietf.org" <ipv6@ietf.org>, Suresh Krishnan <suresh.krishnan@ericsson.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jan 2011 21:23:23 -0000
> 2) The routing header is essentially deprecated, and we probably won't > define any more. The proposal for RH4, i.e. draft-ietf-6man-rpl-routing-header, is active. However, isn't the real question whether we want to change the implied intention that adding a new extension header should be hard? Section 4 of RFC 2460 makes this intention pretty clear: unknown extension headers should lead to packet discard and ICMP Parameter Problem, so this is intended for consenting adults only. Skipping over unknown extension headers was definitely not intended to work. The basic motivation for the present draft is clear: > However, > some intermediate nodes such as firewalls, may need to look at the > transport layer header fields in order to make a decision to allow or > deny the packet. That is, help middleboxes to violate e2e transparency and, furthermore, allow unknown headers to cross those middleboxes. If I was a paranoid security person, I would definitely not be happy with this. On the contrary - if I saw an unknown IP header in a packet, I would want to discard it. A legacy firewall wouldn't recognize the Next Header value for draft-ietf-6man-exthdr, so would discard the packet. If my firewall had been updated, and saw a draft-ietf-6man-exthdr, header, it would need to look at the embedded "Specific Type" and then decide whether to discard it. Just a bit more deep packet inspection. So the one thing this proposal will *not* do is allow new extension headers to cross the Internet transparently. All it might do is cause the firewalls to dig one layer deeper before discarding the packet. Regards Brian
- I-D Action:draft-ietf-6man-exthdr-01.txt Internet-Drafts
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Hing-Kam (Kam) Lam
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Tony Li
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Tony Li
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Tony Li
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Tony Li
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Thomas Narten
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Brian E Carpenter
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Fernando Gont
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Joel M. Halpern
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Rosomakho, Yaroslav
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Fernando Gont
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Thomas Narten
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Thomas Narten
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt RJ Atkinson
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Steven Blake
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Fernando Gont
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Joel M. Halpern
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Rémi Després
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt RJ Atkinson
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Suresh Krishnan
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Joel M. Halpern
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Bhatia, Manav (Manav)
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt Bhatia, Manav (Manav)
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt RJ Atkinson
- RE: I-D Action:draft-ietf-6man-exthdr-01.txt RJ Atkinson
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Brian E Carpenter
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt RJ Atkinson
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Rémi Després
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Rémi Després
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt james woodyatt
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Hing-Kam (Kam) Lam
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Hing-Kam (Kam) Lam
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Hing-Kam (Kam) Lam
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Hing-Kam (Kam) Lam
- Re: I-D Action:draft-ietf-6man-exthdr-01.txt Brian E Carpenter
- draft-ietf-6man-exthdr-01 - Support for adoption Rémi Després