Re: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt

On Fri, 23 Jul 2021, 18:20 Giuseppe Fioccola, <giuseppe.fioccola@huawei.com>
wrote:

> Hi Mike,
>
> To avoid misunderstanding, the precondition of controlled domain may be
> kept as MUST. We can further specify that authentication MUST be used if,
> for specific scenarios, it is applied outside a controlled domain.
>

Realise that a "MUST be limited to a controlled domain" in an RFC is
nothing more than an aspiration. It's theory rather than reality.

Packets are encouraged to try to exit "controlled" domains attached to the
Internet due to the domain's default route, and then can leave the
controlled domain ("leak") due failure of the controlling boundary because
of implementation bugs, operator configuration error or partial node
failure.

Authentication must be a MUST for anything that is designed for a
controlled domain if the controlled domain may be attached to the Internet,
which is a possibility for any of them if they use IPv6.

Packets getting to where they shouldn't would be one of the motivations of
Postel's "Be conservative with what you send".

Regards,
Mark.

>
> Regards,
>
>
>
> Giuseppe
>
>
>
>
>
> *From:* Mike Simpson <mikie.simpson@gmail.com>
> *Sent:* Friday, July 23, 2021 9:36 AM
> *To:* Giuseppe Fioccola <giuseppe.fioccola@huawei.com>
> *Cc:* Erik Kline <ek.ietf@gmail.com>; Yoshifumi Nishida <
> nsd.ietf@gmail.com>; 6man@ietf.org; Christopher Wood <caw@heapingbits.net>;
> draft-ietf-6man-ipv6-alt-mark.all@ietf.org
> *Subject:* Re: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt
>
>
>
> Why not just keep it at MUST so that you don’t pollute the internets.
>
>
>
> We will end up having to filter for it anyway as always but it seems
> foolhardy and unpleasant to intentionally weaken the language.
>
>
>
> Your new hotness belongs in your controlled domain. If you are going to
> try and force it onto networks you don’t control then it’s not going to
> work and you will end up having to tunnel it anyways.
>
>
>
> Why is this so hard to understand?
>
>
>
> On 22 Jul 2021, at 15:09, Giuseppe Fioccola <giuseppe.fioccola@huawei.com>
> wrote:
>
> 
>
> Hi Erik,
>
> Thanks for the input.
>
> I tend to agree that the condition “MUST” can be changed to “SHOULD”. I
> can address your comments in the -08 version.
>
>
>
> Regards,
>
>
>
> Giuseppe
>
>
>
> *From:* Erik Kline <ek.ietf@gmail.com>
> *Sent:* Wednesday, July 21, 2021 11:15 PM
> *To:* Giuseppe Fioccola <giuseppe.fioccola@huawei.com>
> *Cc:* Stewart Bryant <stewart.bryant@gmail.com>; Christopher Wood <
> caw@heapingbits.net>; Yoshifumi Nishida <nsd.ietf@gmail.com>;
> 6man@ietf.org; draft-ietf-6man-ipv6-alt-mark.all@ietf.org
> *Subject:* Re: FW: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt
>
>
>
> Giuseppe,
>
>
>
> I think in S2.1 "MUST NOT" be used outside a "controlled domain" is
> perhaps a bit too strong.  Similarly in S6, "MUST be applied
> in...controlled domains" might be moderated down to "SHOULD only be
> applied...".
>
>
>
> I'll note that it is possible for an AH option to be used to ensure the
> DstOpt variant is unmodified en route, and these two in conjunction can be
> used wherever desired to send such packets outside the given domain
> (subject, of course, to all the middlebox interference any such
> packet would inevitably receive -- but that's a separate issue).
>
>
>
> On Tue, Jun 22, 2021 at 11:27 AM Giuseppe Fioccola <
> giuseppe.fioccola@huawei.com> wrote:
>
> Dear Stewart, Christopher, Yoshi, All,
> Please note that I just submitted a new version of the draft. It has been
> thoroughly reviewed to address the comments received during the Last Call.
>
> Your inputs are always welcome.
>
> Regards,
>
> Giuseppe
>
> -----Original Message-----
> From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
> Sent: Tuesday, June 22, 2021 8:13 PM
> To: i-d-announce@ietf.org
> Cc: ipv6@ietf.org
> Subject: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the IPv6 Maintenance WG of the IETF.
>
>         Title           : IPv6 Application of the Alternate Marking Method
>         Authors         : Giuseppe Fioccola
>                           Tianran Zhou
>                           Mauro Cociglio
>                           Fengwei Qin
>                           Ran Pang
>         Filename        : draft-ietf-6man-ipv6-alt-mark-07.txt
>         Pages           : 21
>         Date            : 2021-06-22
>
> Abstract:
>    This document describes how the Alternate Marking Method can be used
>    as a passive performance measurement tool in an IPv6 domain.  It
>    defines a new Extension Header Option to encode Alternate Marking
>    information in both the Hop-by-Hop Options Header and Destination
>    Options Header.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-alt-mark/
>
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-6man-ipv6-alt-mark-07
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-6man-ipv6-alt-mark-07
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>