IETF Logo Mail Archive

Re: Who is the design ultimate authority over IPv6? (Re: [spring] WGLC - draft-ietf-spring-srv6-network-programming)

Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 07 March 2020 02:04 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91CD53A0FED for <ipv6@ietfa.amsl.com>; Fri, 6 Mar 2020 18:04:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r4axRXjLqBfU for <ipv6@ietfa.amsl.com>; Fri, 6 Mar 2020 18:04:16 -0800 (PST)
Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com [IPv6:2607:f8b0:4864:20::52e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8A513A0FEE for <6man@ietf.org>; Fri, 6 Mar 2020 18:04:15 -0800 (PST)
Received: by mail-pg1-x52e.google.com with SMTP id 7so1916081pgr.2 for <6man@ietf.org>; Fri, 06 Mar 2020 18:04:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=lO1QjP4z5fgx/DNqLjZthcgClfH4YgwIL9AhEEPX5EI=; b=vPNP1zIdrVclzV8f3Pzk9kcwoxpznNToH+otZh1t14ClE7F6ZRAVsbryuD9jcbnDBC nyisRADagOaB2rvf+fSPzPBsnByHm+bEtEFdUMcTOcJHTAqyMjWmWgJpRfwwy/fK1YPQ l1D8hHgG8+PMRKnzdaDE0KbN2DCz+YTWhUcmh1UDTQP7RNIxpGFeCKa/MnB9YjzjyCPy 649lPHn6CE2zHVQuj/mg7aE96ZFwXKqv0qAEaPUkP6JY2dBcmaZoXxT8jzSFaIwKdsax PX6nJeSiy3mt/sTc8ES9O/ibqqUpKJmtHXH+u09rDkAZtc7+v6APEPNEi23bdy73fTQ5 PyxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=lO1QjP4z5fgx/DNqLjZthcgClfH4YgwIL9AhEEPX5EI=; b=pYW8ybkp6waqhZ4p9zICGnToSWOTvyl7iNDiuKeoKtGpLUqcqiQm6J+QT0rrkCtg8z ho021iGoMnLCbdlvl3JYzfyGi7j7dppiSJSn6x8BcP7B8aq1m8qtZJ7XTRKrMeNOuOay 0fLKbm5s9qlN2nplrjR8xnoQZKIBjCdn+Tqs2Xk7Q65uCNZ2mzzQVJOOI1Y7FQwMLApE IAWdG8tYoDGZlbyqwDonS2yd6XLFKt6woVGC4GQqYHZgCBUy5sl4nHstPo3IwjeQWEfC aUpmkJ/ahoBjY5I70byGMtOXa5w2WBs5fng8auskKrbS+Zb0WMGyBc5BoiDdHo6Mms++ ZNSw==
X-Gm-Message-State: ANhLgQ3xNsQ5pJC2sT0eb4B5AslbO4eH+M2ijNtVRnh8E2NvY6q2tgIW Qcp0P6wB1c8dXK7hEhZS3Sggs21D
X-Google-Smtp-Source: ADFU+vuPORe2MkwlSC6MFxfBPudHFWl2GOaoqcXggexNjrBi3ZWcijb5tujCjUUpoILa26/gFe09vg==
X-Received: by 2002:a65:4bc5:: with SMTP id p5mr5804836pgr.409.1583546654017; Fri, 06 Mar 2020 18:04:14 -0800 (PST)
Received: from [192.168.178.30] ([165.84.25.143]) by smtp.gmail.com with ESMTPSA id d1sm36291834pgi.63.2020.03.06.18.04.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 06 Mar 2020 18:04:13 -0800 (PST)
Subject: Re: Who is the design ultimate authority over IPv6? (Re: [spring] WGLC - draft-ietf-spring-srv6-network-programming)
To: Tom Herbert <tom@herbertland.com>
Cc: Ole Troan <otroan@employees.org>, Mark Smith <markzzzsmith@gmail.com>, "6man@ietf.org" <6man@ietf.org>
References: <17421_1575566127_5DE93B2F_17421_93_1_53C29892C857584299CBF5D05346208A48D1A3DA@OPEXCAUBM43.corporate.adroot.infra.ftgroup><6c674995-8cc7-c024-4181-60b160910f75@si6networks.com> <29345_1576001884_5DEFE15C_29345_229_5_53C29892C857584299CBF5D05346208A48D250B7@OPEXCAUBM43.corporate.adroot.infra.ftgroup><89402a30-129b-314f-90f1-ba6efcdd6a88@si6networks.com> <16536_1576089460_5DF13774_16536_366_1_53C29892C857584299CBF5D05346208A48D273AD@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <CAO42Z2z2s92yitCC0eLrNO3dXe_EarRSUZq8GmJ=QRdZ59d0ag@mail.gmail.com> <64E8151B-DF45-4F30-A4AD-673E37A482DD@employees.org> <738133cf-1b87-90b3-614f-470b5546eedf@gmail.com> <CALx6S35=NWNu9iV7FU=zhmOwjB5T_WswyS13skpqfDfvL=G_jQ@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <1ea7ab65-7a07-5c78-aac7-bf202051a43a@gmail.com>
Date: Sat, 07 Mar 2020 15:04:09 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <CALx6S35=NWNu9iV7FU=zhmOwjB5T_WswyS13skpqfDfvL=G_jQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/SzlzYni741CIch6IKGVHbdpUE6A>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Mar 2020 02:04:21 -0000

Tom,

> I don't understand what you mean by "AH is optional" in this context.

AH is optional in *every* context. So it's completely legitimate for
the SRH architecture to state that AH is not used in SRH domains. It
might be used in packets that are encapsulated for transit across an
SRH domain, but that's fine.

I thought this was clear when we persuaded the SRH community to drop
insertion and specify encapsulation.

    Brian
On 07-Mar-20 10:00, Tom Herbert wrote:
> On Fri, Mar 6, 2020 at 12:17 PM Brian E Carpenter
> <brian.e.carpenter@gmail.com> wrote:
>>
>> Ole,
>>
>> On 07-Mar-20 02:24, otroan@employees.org wrote:
>>> [spring cross posting deleted]
>>>
>>>>> - Read the mailing list and you will see that everyone do not share your opinion. So at least one person is wrong. I think that it would help if everyone, including you, could consider that they/you _may_ be wrong, at least to better understand the comments been made by others.  And possibly the text from RFC 8200 is not clear, but this is what we have. And this is the text to use to support the claim that this text is violated.
>>>>
>>>> The final interpretation and intent of text in RFC8200 should be up to
>>>> 6man, not SPRING, when there is ambiguity and dispute, as 6man is the
>>>> ultimate design authority for IPv6.
>>>>
>>>> RFC5704, "Uncoordinated Protocol Development Considered Harmful":
>>>>
>>>> " In particular, the
>>>>   IAB considers it an essential principle of the protocol development
>>>>   process that only one SDO maintains design authority for a given
>>>>   protocol, with that SDO having ultimate authority over the allocation
>>>>   of protocol parameter code-points and over defining the intended
>>>>   semantics, interpretation, and actions associated with those code-
>>>>   points."
>>>>
>>>> IETF WGs would qualify as standards development organisations.
>>>>
>>>> Those of us in 6man during the clarifications in this area of RFC8200
>>>> know the intent. It was specifically about modification of the EH
>>>> chain, and was in response to the
>>>> 'draft-voyer-6man-extension-header-insertion' Internet Draft.
>>>
>>> No, it is the IETF that is the SDO and has that authority through IETF consensus.
>>> Not the working group.
>>
>> Absolutely. And that means: IETF consensus as judged by the IESG, subject to the RFC 2026 appeal process.
>>> Let me summarize my take on this from a 6man perspective:
>>>
>>> 1) PSP violates RFC8200.
>>> I also object to any statement in SR PGM that it is in "compliance with 8200". It specifies it's own unique EH handling.
>>
>> It doesn't use the word "compliance" which is rather loaded in standards-speak. It now says:
>>
>>   "This behavior does not contravene Section 4 of [RFC8200] because the
>>    current destination address of the incoming packet is the address of
>>    the node executing the PSP behavior."
>>
>> Like it or not, that's what we published. Whether it's what we meant is another question.
>>
>>> As I state below that's perfectly fine.
>>>
>>> 2) A premise for the work on tightening extension header processing rules leading up to 8200, was that new specifications can specify different behaviour than what's defined in 8200.
>>> That is what the SR PGM document does. Any specification that changes EH processing must specify how that processing is done, and must be technically sound, in that it is shown not to break anything (interoperability, PMTUD, end to end security etc).
>>> The SR PGM document has been terse in it's description and how it deals with identified technical issues. But it is also clear, that it is specified to only work within a limited domain, where the source, destination and in-path nodes are all within the same domain of control.
>>> I see no outstanding technical issues with that mechanism.
>>
>> After a lot of thought, I agree with that. It's known not to work with AH, but AH is optional. It cannot break PMTUD because it only makes the packet smaller. And I am told it doesn't break OAM.
> 
> Brian,
> 
> I don't understand what you mean by "AH is optional" in this context.
> AH is certainly optional to send by source nodes, however if it is in
> a packet then I don't see how intermediate nodes have the option to
> knowingly break AH. This is precisely why declaring what data in
> header fields is mutable in flight is so important. This isn't just to
> make AH work, but enforcing that the network doesn't arbitrarily
> modify packets in random ways is one of the reasons why AH is needed.
> 
> (If you were to say that AH isn't a problem because it will never be
> in the same packet as and SRH, then I will have to point that SRH does
> not preclude that possibility. IMO, until the combination is expressly
> prohibited, intermediate nodes are subject to "be liberal in what you
> receive" in this regard)
> 
> Tom
> 
>>
>>> 3) It is also clear that what is specified in SR PGM does not work across administrative domain or on the general Internet.
>>
> That's the limited domain argument which as pointed out several times
> is not a normatively defined construct in IETF. Without such a
> definition I don't see how requirements pertaining to IPv6 can take
> this into account (i.e. we can't update RFC8200 with requirements that
> would only be applicable in a limited domain without defining limited
> domain).
> 
>> In fact, the whole of SRH is intra-domain, as specified by RFC8402.
>>
>>> For that reason I would object to any modification to 8200. Be it erratum, updated by pointer or bis document.
>>
>> I think there's an established weakness in RFC 8200. We could decide to live with it, as we live with weaknesses in RFC 791.
>>
>>> Is is possible to come to some agreement and consensus on the above points?
>>
>> That beats me ;-)
>>
>>     Brian
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email