IETF Logo Mail Archive

Re: Adrian Farrel's No Objection on draft-ietf-6man-ext-transmit-04: (with COMMENT)

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 07 October 2013 19:19 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 071CC11E8123; Mon, 7 Oct 2013 12:19:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.511
X-Spam-Level:
X-Spam-Status: No, score=-102.511 tagged_above=-999 required=5 tests=[AWL=0.088, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAXdWLepfpmH; Mon, 7 Oct 2013 12:19:03 -0700 (PDT)
Received: from mail-pd0-x22f.google.com (mail-pd0-x22f.google.com [IPv6:2607:f8b0:400e:c02::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 038CF11E8128; Mon, 7 Oct 2013 12:19:00 -0700 (PDT)
Received: by mail-pd0-f175.google.com with SMTP id q10so7539524pdj.6 for <multiple recipients>; Mon, 07 Oct 2013 12:19:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=jmnu9iImb7JEFRe5ODTPQPHyGodqaY9ZjrRb1xaLVcA=; b=mLW889gAMWPzmO+NfESiR11eY53qa5GgVKg4mbjJVm0yvmO6LQvk5TBoS6dRqjPpuG Jd/zgfSHorrqS0QYY0Jv1TKCAYuRXYvhuEHz+/q6Dh1SffGTjCGpVgE6uAa0xQO4Gequ Se28Jz6281rSrm0rOXe6W/vXutIZV2/nI7vZGQ4FhDM/OZ/eibLVzL2sTXYzXsw/Wt30 Q49rHqv+oywL4VFhpYC+wkgl0fUi0TeBYcujadmyom1ZLqQhylGAUITEUJG8zWMl/yJI 195LojhF9wARyUTuKNv83lFXrV/r2mOCbUV7Mj2aSq7NMoe+SMfjqtW8FFT5KIobNFSy KFaQ==
X-Received: by 10.66.148.97 with SMTP id tr1mr4895557pab.163.1381173540721; Mon, 07 Oct 2013 12:19:00 -0700 (PDT)
Received: from [192.168.178.20] (58.197.69.111.dynamic.snap.net.nz. [111.69.197.58]) by mx.google.com with ESMTPSA id kd1sm41536612pab.20.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 07 Oct 2013 12:18:59 -0700 (PDT)
Message-ID: <52530921.3060202@gmail.com>
Date: Tue, 08 Oct 2013 08:18:57 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "C. M. Heard" <heard@pobox.com>
Subject: Re: Adrian Farrel's No Objection on draft-ietf-6man-ext-transmit-04: (with COMMENT)
References: <20131007144327.16131.88173.idtracker@ietfa.amsl.com> <Pine.LNX.4.64.1310070914240.13173@shell4.bayarea.net>
In-Reply-To: <Pine.LNX.4.64.1310070914240.13173@shell4.bayarea.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: 6man-chairs@tools.ietf.org, Adrian Farrel <adrian@olddog.co.uk>, draft-ietf-6man-ext-transmit@tools.ietf.org, ipv6@ietf.org, The IESG <iesg@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2013 19:19:04 -0000

On 08/10/2013 05:53, C. M. Heard wrote:
> On Mon, 7 Oct 2013, Adrian Farrel wrote:
>> Section 1.1
>>
>> A couple of points about the following paragraph:
>>
>>    In this document "standard" IPv6 extension headers are those
>>    specified in detail by IETF standards actions.  "Experimental"
>>    extension headers are those defined by any Experimental RFC, and the
>>    experimental extension header values 253 and 254 defined by [RFC3692]
>>    and [RFC4727].  "Defined" extension headers are the "standard"
>>    extension headers plus the "experimental" ones.
> ...
>> Are 253 and 254 intended solely for experimental extension headers? 
>> Couldn't the experiment be an experimental payload protocol?
> 
> This is a good point.  RFC 3692 calls these out as experimental 
> values for the IP Protocol Field, so experiments could in principle 
> use these values either for experimental upper layer protocols or 
> for experimental IPv6 headers.  Nodes that are not involved in the 
> experiment (including middleboxes) would have no way of knowing the 
> difference.
> 
> This opens up a small can of worms, because Section 2.1 says that 
> "[e]xperimental IPv6 extension headers SHOULD be treated in the same 
> way as standard extension headers, including an individually 
> configurable discard policy."  The problem is that if a node not 
> participating in an experiment encounters a next header value of 253 
> or 254 it won't know whether to treat what follows as an 
> experimental extension header, conforming to the uniform TLV format 
> specified in RFC 6564, or an experimental upper-layer protocol, 
> where all bets are off with respect to format.  If packets 
> containing these values are to be passed by a middlebox not 
> participating in an experiment, it seems that the middlebox would 
> have to stop parsing when encountering these values, and pass or 
> drop the packet depending on what it's supposed to do with unknown 
> upper layer protocol protocol types.
> 
> (As an aside, it occure to me that the same thing is true if a 
> middlebox encounters a next header type that it does not recognize 
> -- it won't know if it refers to an extension header or an upper 
> layer protocol, and must treat it as the latter.  Hence the 
> requirement that "[f]orwarding nodes MUST be configurable to allow 
> packets containing unrecognised extension headers" means, in 
> practice, that a middlebox needs to have a switch to allow unknown 
> upper layer protocols to pass through.)

Yes, and for a moment there you had me worried, but if the security
concern is that the unknown header may contain bad stuff and/or cause
a buffer overflow bug, then it really doesn't matter whether it is
an extension header or a payload header. In either case, if you let
the packet through, you are assuming that the destination host knows
what it's doing.

We might need a slight rewording to remove the implication that
253/254 can *only* be used as extension headers. Something like:

 "Experimental" extension headers include those defined by any
 Experimental RFC, and the values 253 and 254 defined by [RFC3692]
 and [RFC4727] when used as experimental extension headers.

>> ---
>>
>> I find myself in I-wouldn't-have-done-it-this-way land, so this is, of
>> course, just a Comment for you to chew on and accept or reject according
>> to how it strikes you...
>>
>> It seems to me unwise to create a new registry that duplicates
>> information held in another registry. By adding a column to the
>> "Assigned Internet Protocol Numbers" registry you are making it 
>> completely clear which are the IPv6 Extension Headers. Rather than risk 
>> having this registry out of step with your new "IPv6 Extension Header
>> Types registry", I would have had the existing, empty "IPv6 Next Header
>> Types" registry redirect users to the "Assigned Internet Protocol
>> Numbers" registry and mention the existence of the specific column that
>> identifies extension headers.
> 
> I think this idea has a lot of merit.  

Disagree, for reason given in my previous message.

> Putting that information in 
> the Internet protocol numbers registry would also provide an 
> opportunity to fix some things about extention header entryes that 
> currently are not quite right, such as:
> 
> 
> 43	IPv6-Route	Routing Header for IPv6		[Steve_Deering]
> 44	IPv6-Frag	Fragment Header for IPv6	[Steve_Deering]
> 

We can ask IANA to fix bugs anytime, surely?

    Brian

> 
> Thanks and regards,
> 
> Mike Heard
>

v2.23.0 | Report a Bug | By Email