RE: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt

Giuseppe Fioccola <> Fri, 23 July 2021 08:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DB8393A0A21; Fri, 23 Jul 2021 01:05:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.196
X-Spam-Status: No, score=-4.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nfoFjBfE1nws; Fri, 23 Jul 2021 01:05:26 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DFB6A3A0A22; Fri, 23 Jul 2021 01:05:25 -0700 (PDT)
Received: from (unknown []) by (SkyGuard) with ESMTP id 4GWM5K3CtZz6H7hY; Fri, 23 Jul 2021 15:53:41 +0800 (CST)
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Fri, 23 Jul 2021 10:05:17 +0200
Received: from ([]) by ([]) with mapi id 15.01.2176.012; Fri, 23 Jul 2021 10:05:17 +0200
From: Giuseppe Fioccola <>
To: Stewart Bryant <>
CC: Erik Kline <>, Christopher Wood <>, Yoshifumi Nishida <>, "" <>, "" <>
Subject: RE: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt
Thread-Topic: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt
Thread-Index: AQHXfwgCOCI2j/vX70eW5vzZ4q36tqtQMPRA
Date: Fri, 23 Jul 2021 08:05:17 +0000
Message-ID: <>
References: <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_7cd2e5abee2c4205a75fc77804250a6ehuaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 23 Jul 2021 08:05:31 -0000

Hi Stewart,
Yes, my intention is to specify that, if it is needed to apply the Alternate Marking outside a controlled domain (e.g. e2e service monitoring) authentication MUST necessarily be used.


From: Stewart Bryant <>
Sent: Thursday, July 22, 2021 4:43 PM
To: Giuseppe Fioccola <>
Cc: Stewart Bryant <>; Erik Kline <>; Christopher Wood <>; Yoshifumi Nishida <>;;
Subject: Re: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt


Later in the text in section 6 (security) it says

As stated above, the precondition for the application of the

   Alternate Marking is that it MUST be applied in specific controlled

   domains, thus confining the potential attack vectors within the

   network domain.

If section 2 text is weaked, it both contradicts and weakens the security assumptions.

I suppose you could say that authentication MUST be used if the protocol is deployed outside a controlled domain, but I don’t think you can let it run in the wild as is.

- Stewart

On 22 Jul 2021, at 15:08, Giuseppe Fioccola <<>> wrote:

Hi Erik,
Thanks for the input.
I tend to agree that the condition “MUST” can be changed to “SHOULD”. I can address your comments in the -08 version.



From: Erik Kline <<>>
Sent: Wednesday, July 21, 2021 11:15 PM
To: Giuseppe Fioccola <<>>
Cc: Stewart Bryant <<>>; Christopher Wood <<>>; Yoshifumi Nishida <<>>;<>;<>
Subject: Re: FW: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt


I think in S2.1 "MUST NOT" be used outside a "controlled domain" is perhaps a bit too strong.  Similarly in S6, "MUST be applied in...controlled domains" might be moderated down to "SHOULD only be applied...".

I'll note that it is possible for an AH option to be used to ensure the DstOpt variant is unmodified en route, and these two in conjunction can be used wherever desired to send such packets outside the given domain (subject, of course, to all the middlebox interference any such packet would inevitably receive -- but that's a separate issue).

On Tue, Jun 22, 2021 at 11:27 AM Giuseppe Fioccola <<>> wrote:
Dear Stewart, Christopher, Yoshi, All,
Please note that I just submitted a new version of the draft. It has been thoroughly reviewed to address the comments received during the Last Call.

Your inputs are always welcome.



-----Original Message-----
From: ipv6 <<>> On Behalf Of<>
Sent: Tuesday, June 22, 2021 8:13 PM
Subject: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IPv6 Maintenance WG of the IETF.

        Title           : IPv6 Application of the Alternate Marking Method
        Authors         : Giuseppe Fioccola
                          Tianran Zhou
                          Mauro Cociglio
                          Fengwei Qin
                          Ran Pang
        Filename        : draft-ietf-6man-ipv6-alt-mark-07.txt
        Pages           : 21
        Date            : 2021-06-22

   This document describes how the Alternate Marking Method can be used
   as a passive performance measurement tool in an IPv6 domain.  It
   defines a new Extension Header Option to encode Alternate Marking
   information in both the Hop-by-Hop Options Header and Destination
   Options Header.

The IETF datatracker status page for this draft is:

There is also an htmlized version available at:

A diff from the previous version is available at:

Internet-Drafts are also available by anonymous FTP at:

IETF IPv6 working group mailing list<>
Administrative Requests: