IETF Logo Mail Archive

Re: 6MAN WG Last Call: draft-ietf-6man-predictable-fragment-id-01

Brian Haberman <brian@innovationslab.net> Fri, 19 December 2014 12:52 UTC

Return-Path: <brian@innovationslab.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC7641A9130 for <ipv6@ietfa.amsl.com>; Fri, 19 Dec 2014 04:52:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QCML0FWPMN4w for <ipv6@ietfa.amsl.com>; Fri, 19 Dec 2014 04:52:31 -0800 (PST)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45C211A9108 for <ipv6@ietf.org>; Fri, 19 Dec 2014 04:52:31 -0800 (PST)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id 113E5880F5 for <ipv6@ietf.org>; Fri, 19 Dec 2014 04:52:31 -0800 (PST)
Received: from clemson.local (clairseach.fuaim.com [206.197.161.141]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id D23B471C0002 for <ipv6@ietf.org>; Fri, 19 Dec 2014 04:52:30 -0800 (PST)
Message-ID: <54941F8D.2050309@innovationslab.net>
Date: Fri, 19 Dec 2014 07:52:29 -0500
From: Brian Haberman <brian@innovationslab.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: ipv6@ietf.org
Subject: Re: 6MAN WG Last Call: draft-ietf-6man-predictable-fragment-id-01
References: <CC2EE99E-475C-4DB5-9E7F-ED00B4D48561@employees.org> <86F24DAC-C017-4D09-9431-0C33134B55C2@employees.org> <5486B2E1.4050507@si6networks.com> <54870E28.3010502@innovationslab.net> <5487378A.10007@si6networks.com> <54883E46.9020509@innovationslab.net> <5493E020.3010105@si6networks.com>
In-Reply-To: <5493E020.3010105@si6networks.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="lotoroBpOGjnHUh6ailwoBdkBcC6CLB5T"
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/NiYF6UV9pXZSPtTdPxd3WfT82t8
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Dec 2014 12:52:33 -0000


On 12/19/14 3:21 AM, Fernando Gont wrote:
> Hi, Brian,
> 
> On 12/10/2014 09:36 AM, Brian Haberman wrote:
>>>
>>> 1) In the same way we do for RFC6528 or RFC6056
>>>
>>> 2) With something similar to 
>>> (<http://www.si6networks.com/tools/ipv6toolkit>):
>>>
>>> # frag6 -d TARGET --frag-id-poliy
>>
>> That didn't answer the question.  In order to advance something on
>> the standards track, there needs to be at least two interoperable 
>> implementations.  How an implementation initializes a field like
>> the fragment ID, TCP sequence number, or ephemeral port number has
>> no affect on interoperability.
>>
>> What you are describing in those documents is implementation
>> guidance, not a protocol specification.  Given that, I would
>> suggest that this document strike any normative text, drop the
>> Updates tag, and move to Informational.
> 
> I personally have no issues with proceeding as indicated.

Ok.

> 
> That said, I'm not sure I follow what you say above. This document has
> a requirement that the IP ID must not be predictable, and

How does one determine a value is not predictable?  How would the
predictability of the IP ID value affect interoperability?

Nothing that I see in this document impacts interoperability.

> implementation advice on how to achieve that. The current status of
> the ID is std track for the former, not for the later. As far as this
> document is concerned, RFC2460 could already be advanced on the
> stndards track, since there are at least four different and
> interoperable implementations: FreeBSD, OpenBSD, Linux, and OpenSolaris.
> 
> While the (un)predicatability of the IP ID certainly does not affect
> interoperability, I guess the same applies to lots of other specs
> related to security (for instance, the choice of accepting a
> non-authenticated packet/chunk_of_data when authentication mechanisms
> are place probably does not affect interoperability.... yet we have
> plenty of these (for obvious reasons) in the corresponding specs).

I think you are conflating issues here.  Authentication requires both
ends to use the same mechanism (hence the need for interoperability
since there are multiple authentication mechanisms).

> 
> That said, and as noted above, I have no issues with proceeding as you
> suggested if that's deemed as the right way to go.

The WG needs to decide which way to go.

Regards,
Brian

v2.23.0 | Report a Bug | By Email