Re: Adrian Farrel's No Objection on draft-ietf-6man-ext-transmit-04: (with COMMENT)
Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 07 October 2013 19:19 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 071CC11E8123; Mon, 7 Oct 2013 12:19:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.511
X-Spam-Level:
X-Spam-Status: No, score=-102.511 tagged_above=-999 required=5 tests=[AWL=0.088, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAXdWLepfpmH; Mon, 7 Oct 2013 12:19:03 -0700 (PDT)
Received: from mail-pd0-x22f.google.com (mail-pd0-x22f.google.com [IPv6:2607:f8b0:400e:c02::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 038CF11E8128; Mon, 7 Oct 2013 12:19:00 -0700 (PDT)
Received: by mail-pd0-f175.google.com with SMTP id q10so7539524pdj.6 for <multiple recipients>; Mon, 07 Oct 2013 12:19:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=jmnu9iImb7JEFRe5ODTPQPHyGodqaY9ZjrRb1xaLVcA=; b=mLW889gAMWPzmO+NfESiR11eY53qa5GgVKg4mbjJVm0yvmO6LQvk5TBoS6dRqjPpuG Jd/zgfSHorrqS0QYY0Jv1TKCAYuRXYvhuEHz+/q6Dh1SffGTjCGpVgE6uAa0xQO4Gequ Se28Jz6281rSrm0rOXe6W/vXutIZV2/nI7vZGQ4FhDM/OZ/eibLVzL2sTXYzXsw/Wt30 Q49rHqv+oywL4VFhpYC+wkgl0fUi0TeBYcujadmyom1ZLqQhylGAUITEUJG8zWMl/yJI 195LojhF9wARyUTuKNv83lFXrV/r2mOCbUV7Mj2aSq7NMoe+SMfjqtW8FFT5KIobNFSy KFaQ==
X-Received: by 10.66.148.97 with SMTP id tr1mr4895557pab.163.1381173540721; Mon, 07 Oct 2013 12:19:00 -0700 (PDT)
Received: from [192.168.178.20] (58.197.69.111.dynamic.snap.net.nz. [111.69.197.58]) by mx.google.com with ESMTPSA id kd1sm41536612pab.20.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 07 Oct 2013 12:18:59 -0700 (PDT)
Message-ID: <52530921.3060202@gmail.com>
Date: Tue, 08 Oct 2013 08:18:57 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "C. M. Heard" <heard@pobox.com>
Subject: Re: Adrian Farrel's No Objection on draft-ietf-6man-ext-transmit-04: (with COMMENT)
References: <20131007144327.16131.88173.idtracker@ietfa.amsl.com> <Pine.LNX.4.64.1310070914240.13173@shell4.bayarea.net>
In-Reply-To: <Pine.LNX.4.64.1310070914240.13173@shell4.bayarea.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: 6man-chairs@tools.ietf.org, Adrian Farrel <adrian@olddog.co.uk>, draft-ietf-6man-ext-transmit@tools.ietf.org, ipv6@ietf.org, The IESG <iesg@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2013 19:19:04 -0000
On 08/10/2013 05:53, C. M. Heard wrote: > On Mon, 7 Oct 2013, Adrian Farrel wrote: >> Section 1.1 >> >> A couple of points about the following paragraph: >> >> In this document "standard" IPv6 extension headers are those >> specified in detail by IETF standards actions. "Experimental" >> extension headers are those defined by any Experimental RFC, and the >> experimental extension header values 253 and 254 defined by [RFC3692] >> and [RFC4727]. "Defined" extension headers are the "standard" >> extension headers plus the "experimental" ones. > ... >> Are 253 and 254 intended solely for experimental extension headers? >> Couldn't the experiment be an experimental payload protocol? > > This is a good point. RFC 3692 calls these out as experimental > values for the IP Protocol Field, so experiments could in principle > use these values either for experimental upper layer protocols or > for experimental IPv6 headers. Nodes that are not involved in the > experiment (including middleboxes) would have no way of knowing the > difference. > > This opens up a small can of worms, because Section 2.1 says that > "[e]xperimental IPv6 extension headers SHOULD be treated in the same > way as standard extension headers, including an individually > configurable discard policy." The problem is that if a node not > participating in an experiment encounters a next header value of 253 > or 254 it won't know whether to treat what follows as an > experimental extension header, conforming to the uniform TLV format > specified in RFC 6564, or an experimental upper-layer protocol, > where all bets are off with respect to format. If packets > containing these values are to be passed by a middlebox not > participating in an experiment, it seems that the middlebox would > have to stop parsing when encountering these values, and pass or > drop the packet depending on what it's supposed to do with unknown > upper layer protocol protocol types. > > (As an aside, it occure to me that the same thing is true if a > middlebox encounters a next header type that it does not recognize > -- it won't know if it refers to an extension header or an upper > layer protocol, and must treat it as the latter. Hence the > requirement that "[f]orwarding nodes MUST be configurable to allow > packets containing unrecognised extension headers" means, in > practice, that a middlebox needs to have a switch to allow unknown > upper layer protocols to pass through.) Yes, and for a moment there you had me worried, but if the security concern is that the unknown header may contain bad stuff and/or cause a buffer overflow bug, then it really doesn't matter whether it is an extension header or a payload header. In either case, if you let the packet through, you are assuming that the destination host knows what it's doing. We might need a slight rewording to remove the implication that 253/254 can *only* be used as extension headers. Something like: "Experimental" extension headers include those defined by any Experimental RFC, and the values 253 and 254 defined by [RFC3692] and [RFC4727] when used as experimental extension headers. >> --- >> >> I find myself in I-wouldn't-have-done-it-this-way land, so this is, of >> course, just a Comment for you to chew on and accept or reject according >> to how it strikes you... >> >> It seems to me unwise to create a new registry that duplicates >> information held in another registry. By adding a column to the >> "Assigned Internet Protocol Numbers" registry you are making it >> completely clear which are the IPv6 Extension Headers. Rather than risk >> having this registry out of step with your new "IPv6 Extension Header >> Types registry", I would have had the existing, empty "IPv6 Next Header >> Types" registry redirect users to the "Assigned Internet Protocol >> Numbers" registry and mention the existence of the specific column that >> identifies extension headers. > > I think this idea has a lot of merit. Disagree, for reason given in my previous message. > Putting that information in > the Internet protocol numbers registry would also provide an > opportunity to fix some things about extention header entryes that > currently are not quite right, such as: > > > 43 IPv6-Route Routing Header for IPv6 [Steve_Deering] > 44 IPv6-Frag Fragment Header for IPv6 [Steve_Deering] > We can ask IANA to fix bugs anytime, surely? Brian > > Thanks and regards, > > Mike Heard >
- Adrian Farrel's No Objection on draft-ietf-6man-e… Adrian Farrel
- Re: Adrian Farrel's No Objection on draft-ietf-6m… C. M. Heard
- Re: Adrian Farrel's No Objection on draft-ietf-6m… Brian E Carpenter
- Re: Adrian Farrel's No Objection on draft-ietf-6m… Brian E Carpenter
- Re: Adrian Farrel's No Objection on draft-ietf-6m… C. M. Heard
- Re: Adrian Farrel's No Objection on draft-ietf-6m… Brian E Carpenter
- RE: Adrian Farrel's No Objection on draft-ietf-6m… Templin, Fred L
- Re: Adrian Farrel's No Objection on draft-ietf-6m… Brian E Carpenter
- RE: Adrian Farrel's No Objection on draft-ietf-6m… Templin, Fred L
- RE: Adrian Farrel's No Objection on draft-ietf-6m… Templin, Fred L