Re: [IPv6] Routing Headers and limited domains (Was Re: Adoption call for draft-bonica-6man-comp-rtg-hdr
Mark Smith <markzzzsmith@gmail.com> Thu, 09 November 2023 22:39 UTC
Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D09BC17C8B0; Thu, 9 Nov 2023 14:39:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.603
X-Spam-Level:
X-Spam-Status: No, score=-1.603 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vA67AX96ItA8; Thu, 9 Nov 2023 14:39:34 -0800 (PST)
Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59990C15C2AA; Thu, 9 Nov 2023 14:39:34 -0800 (PST)
Received: by mail-lf1-x12c.google.com with SMTP id 2adb3069b0e04-50930f126b1so1761655e87.3; Thu, 09 Nov 2023 14:39:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699569572; x=1700174372; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=qP952qVIZTYnLZSEvY4ag+ilSJBge1bmuOAA5FhRKOs=; b=OnW5stqrWidM4RnJAvbCGAUk3BHc5roGeHjx3pj7qkAEnQKrXi1rZLw3JU1Ty7OEmC r5YB6MO1jBZfcLeS7wXSsjZ/RloRFA9eeYhLqBLiRS7jQY0Xk860ocZMXGQX4AF9bj8J 9E8bAp4AO01lZBGNVrRyuSpNbOBh4pK+rMJSlpKfKW5IjIK3iZxcMN9a2wSJhEAzF751 PVc9OdyqToPcDdPvPW5brBV1VRBi/cKSwMvlyLhAaMcdUcN4LMYBumh7LVILTG+YBnnE eW4Q/Q09Jp+hUEhCn4D4faH54vvBw5rBaTdtqm4WH4vwWIvstF6uIIxistoDl5ySJgy1 G2hQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699569572; x=1700174372; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qP952qVIZTYnLZSEvY4ag+ilSJBge1bmuOAA5FhRKOs=; b=GvZAnrwx0n98/XzDjYquQ3Jh1wrWWmipWd7bd1ja2R4Zd09B6NtJEptrNPzHLSICnq QpVcmzCeoft5OlAydCXDkU+mVwYHX/o/bXBs9Jvtb6cpYzE+Nv2hg1wGiwzyg1E6/hrC i9hrurfJ2Kjq23QXllfB/CLa8ZqEFKNPhIWqwySxYMrLGbSvbgO3Fa5UBoHV05PpkJ6J qxF4wVec8ZV655XmqPR4LIWyXEW2uqnLbcn2pF55lToPmYQS9lsWP9I2WjGWwubQfjzh P7WRy0+3WwApE9XQzzaTPn16qbC+nKND4wV4+oHEXjHtW+ASFRXSwMGVc92yVj1q1Zp/ b56A==
X-Gm-Message-State: AOJu0YxHm1OE1uEz8ity86RaPXXO4JWoEluPT7IfNjhM3Qky7O1qtYKr GKMYIgqYdEKeWGkBFyNNlp/j39kwLNGc3c5FktA=
X-Google-Smtp-Source: AGHT+IEBHDeUIzKQ6umjQSGYmIqyGvL4rgnEHAPAGvlTd1ARJPyJV1HEcGLeOSqr8bDUeIgFGoZfoctYnHcfpUxP+kY=
X-Received: by 2002:a19:5509:0:b0:50a:26b:6ddf with SMTP id n9-20020a195509000000b0050a026b6ddfmr537267lfe.63.1699569571428; Thu, 09 Nov 2023 14:39:31 -0800 (PST)
MIME-Version: 1.0
References: <CAFU7BARQLAS+w7kKUPSBgFacc5GXNAaJ97qkJg9VyjbhoNibcQ@mail.gmail.com> <CAMMESsysV1Oc3JyU058GRbUFfs18WEz16GKLcZX-waFo+hoN0w@mail.gmail.com> <BL0PR05MB5316B366B7B4A3C1D4AF4686AEA3A@BL0PR05MB5316.namprd05.prod.outlook.com> <CAMMESsxQj9hRS2HxHWK67EkR-=s-3Qor88+qGRzYFMnrJOR_qQ@mail.gmail.com> <BL0PR05MB53166A455E68541ED2586EC5AEA2A@BL0PR05MB5316.namprd05.prod.outlook.com> <CACMsEX-juiW5uOHze3j4zRnrG_Djn4S99hB=TJi3OgEiQz6QxA@mail.gmail.com> <CAO42Z2yR9Y_MszPuia3eS6zv2WJFiqb07juatp99bhbDO0kbxA@mail.gmail.com> <CAO42Z2y8e46hv0Cf49gHJnEimjrOg1dOwa2x36Zu77vBWzvdKw@mail.gmail.com> <f2150c48-480b-45a7-98a6-b2893ead8065@joelhalpern.com> <CALx6S37_2SAfOPsyKcXa6qKinAw_8tf7W_d5i8G86R2QEdck6Q@mail.gmail.com> <108bd733-5c66-4fb5-8224-fb2a1898ecc9@joelhalpern.com> <CALx6S37eJDJ1HpWrQOasOGqnVZyEDQYkmQxxjfpcHhykSUA1Bw@mail.gmail.com> <e45743ed-67bf-45a7-a60c-9dba2bb5de32@joelhalpern.com> <CALx6S374WuKBHodNCuPpZLe0g3BRLWsE9dANLDvidZPUca5C+w@mail.gmail.com> <744cd045-ee48-4829-bc6c-b36467c2acfd@joelhalpern.com> <CALx6S37SHG4Ut+8gsZW1UE-ykKpkj-wA8W1uiQEqFmdoqrkWAQ@mail.gmail.com> <CA+wi2hMzdxBr+_cX1ZQ_KTh9+5Y8990yKaFpCYBBzM3MR=WD+g@mail.gmail.com> <CALx6S36e=Dhv44HLmMR_aDxVYaNJOkr7hBpWk2HM5bPOQ0pXJg@mail.gmail.com> <CA+wi2hOMAiTFWTMDrwTui9hALYqWXfUT3AxQmbkE5OLKfcTivg@mail.gmail.com> <CALx6S3402WLBVamq7ix_hEnMZ+9Li2rzmSJ=Mx62_powJ5XFUg@mail.gmail.com> <CA+wi2hPr8DVWjp8U-0gghGJnqw-ZkihexWBWxyrJzhCMicfLSA@mail.gmail.com> <CAO42Z2x2TqJ33Nmh5S_5t5rCAojhkTxWRKG+CmaDzHZWkx042Q@mail.gmail.com> <BL0PR05MB5316FAE9A382BDA191618F23AEA5A@BL0PR05MB5316.namprd05.prod.outlook.com>
In-Reply-To: <BL0PR05MB5316FAE9A382BDA191618F23AEA5A@BL0PR05MB5316.namprd05.prod.outlook.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 10 Nov 2023 09:39:04 +1100
Message-ID: <CAO42Z2wc0Zm3EMT5=B2Rg-VbLpPXhBR7ifwKNjCWi=Gz1e_74g@mail.gmail.com>
To: Ron Bonica <rbonica@juniper.net>
Cc: Tony Przygienda <tonysietf@gmail.com>, The IESG <iesg@ietf.org>, "iab@ietf.org" <iab@ietf.org>, Tom Herbert <tom@herbertland.com>, 6man <ipv6@ietf.org>, "draft-bonica-6man-comp-rtg-hdr.authors@ietf.org" <draft-bonica-6man-comp-rtg-hdr.authors@ietf.org>, Chris Chaundy <chris.chaundy@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/YmLx7VT04qbXuWnq1vALj-K7rqA>
Subject: Re: [IPv6] Routing Headers and limited domains (Was Re: Adoption call for draft-bonica-6man-comp-rtg-hdr
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Nov 2023 22:39:38 -0000
Hi All, Further to Ron's email below, here is the other Standards track IETF RFC that inserts and removes IPv6 EHs in-flight, also contrary to RFC 8200/Internet Standard 80. RFC 6550, "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks" As it mentions the term "IPv6" a total of 64 times, it obviously implies that it is complying with RFC 8200/Standard 80. This now expired Internet Draft may have been the document that made me consider and realise the issues that "private" and non-compliant limited domain modifications could cause. It specifically articulates the thinking that in a limited domain ("managed domain"), fields can be redefined, contrary to specifications. Using the IPv6 Flow Label for Performance Measurement with Alternate Marking Method in Segment Routing https://datatracker.ietf.org/doc/html/draft-fioccola-spring-flow-label-alt-mark-01 The main reason this ID stood out to me was that I was involved in the updating and current definition of the IPv6 Flow Label field that resulted in RFC 6437 (RFC 6436 explains rationale for the update). I suggested treating the flow label field similar to the DSCP field, meaning a local network could change the Flow Label field to suit its purposes. However the outcome, which I agree with, is that a "flow" is an end-to-end property and has semantics that are independent of any networks the packet is carried across, so once the Flow Label value is set, it should be left alone, and its structure and interpretation should be consistent along the whole of the packet's path between the packet's Source Address and Destination Address. Regards, Mark. On Sat, 4 Nov 2023 at 08:49, Ron Bonica <rbonica@juniper.net> wrote: > > Mark, > > > > I believe that the two bullet points you provide in your email, below, contain the bare, unvarnished truth. The authority to act on these truth is with the IETF leadership. So, I have copied the IAB and IESG. > > > > IMHO, the IAB should issue a statement saying a) that RFC 8799 is not an IETF consensus document, b) restriction to a limited domain is not an excuse for violating an IETF standard, and c) restriction to a limited domain is not a sufficient mitigation of vulnerabilities. A Security Consideration section MUST specify what each node (not each limited domain) must do to protect itself from vulnerabilities. > > > > Ron > > > > > > > > > Juniper Business Use Only > > From: Mark Smith <markzzzsmith@gmail.com> > Sent: Friday, November 3, 2023 12:22 AM > To: Tony Przygienda <tonysietf@gmail.com> > Cc: Tom Herbert <tom@herbertland.com>; 6man <ipv6@ietf.org>; draft-bonica-6man-comp-rtg-hdr.authors@ietf.org; Chris Chaundy <chris.chaundy@gmail.com> > Subject: Re: [IPv6] Routing Headers and limited domains (Was Re: Adoption call for draft-bonica-6man-comp-rtg-hdr > > > > [External Email. Be cautious of content] > > > > [snip] > > > When I was reviewing the limited domain ID, now RFC 8799, I realised I had a few concerns about the fundamental concept (which were ultimately addressed in RFC 8799): > > > > 1. declaring something a "limited domain" becomes a way to justify not following, and to dismiss the importance of not following certain IETF protocol specifications, while also still implying complying with them, by referring to them and referencing them in the RFC. > > 2. Vendors using 1. to implement their own proprietary extensions to protocols, yet still claiming to comply with an IETF protocols specification on their product specification sheets, hiding their proprietary extensions, which you may only discover after you've bought and then deployed their apparently compliant implementation. > > > >
- [IPv6] Adoption call for draft-bonica-6man-comp-r… Jen Linkova
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Mark Smith
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Andrew Alston - IETF
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Daniam Henriques
- Re: [IPv6] Adoption call for draft-bonica-6man-co… 李星
- Re: [IPv6] [EXTERNAL] Adoption call for draft-bon… Templin (US), Fred L
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Greg Mirsky
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Reji Thomas
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Alvaro Retana
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Ron Bonica
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Gyan Mishra
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Alvaro Retana
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Ron Bonica
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Nick Buraglio
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Mark Smith
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Mark Smith
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Joel Halpern
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Tom Herbert
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Joel Halpern
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Tom Herbert
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Joel Halpern
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Tom Herbert
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Joel Halpern
- [IPv6] Routing Headers and limited domains (Was R… Tom Herbert
- Re: [IPv6] Routing Headers and limited domains (W… Brian E Carpenter
- Re: [IPv6] Routing Headers and limited domains (W… Tony Przygienda
- Re: [IPv6] Routing Headers and limited domains (W… Tom Herbert
- Re: [IPv6] Routing Headers and limited domains (W… Tony Przygienda
- Re: [IPv6] Routing Headers and limited domains (W… Tom Herbert
- Re: [IPv6] Routing Headers and limited domains (W… Justin Iurman
- Re: [IPv6] Routing Headers and limited domains (W… Tony Przygienda
- Re: [IPv6] Routing Headers and limited domains (W… Brian E Carpenter
- Re: [IPv6] Routing Headers and limited domains (W… Tom Herbert
- Re: [IPv6] Routing Headers and limited domains (W… Tom Herbert
- Re: [IPv6] Routing Headers and limited domains (W… Mark Smith
- Re: [IPv6] Routing Headers and limited domains (W… Brian E Carpenter
- Re: [IPv6] Routing Headers and limited domains (W… Joel Halpern
- Re: [IPv6] Routing Headers and limited domains (W… Tom Herbert
- Re: [IPv6] Routing Headers and limited domains (W… Ron Bonica
- Re: [IPv6] Routing Headers and limited domains (W… Brian E Carpenter
- Re: [IPv6] Routing Headers and limited domains (W… Ron Bonica
- Re: [IPv6] Routing Headers and limited domains (W… Ron Bonica
- Re: [IPv6] Routing Headers and limited domains (W… Tony Przygienda
- Re: [IPv6] Routing Headers and limited domains (W… Tom Herbert
- Re: [IPv6] Routing Headers and limited domains (W… Tony Przygienda
- Re: [IPv6] Routing Headers and limited domains (W… Ron Bonica
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Bob Hinden
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Zafar Ali (zali)
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Bob Hinden
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Adrian Farrel
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Jingrong Xie
- Re: [IPv6] Routing Headers and limited domains (W… Tom Herbert
- Re: [IPv6] Routing Headers and limited domains (W… Michael Richardson
- Re: [IPv6] Routing Headers and limited domains (W… Mark Smith
- Re: [IPv6] Routing Headers and limited domains (W… Tom Herbert
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Ron Bonica
- Re: [IPv6] Adoption call for draft-bonica-6man-co… gengnan
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Ron Bonica
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Tony Przygienda
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Dale W. Carder
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Robert Raszuk
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Ron Bonica
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Mark Smith
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Bob Hinden
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Tom Herbert
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Dale W. Carder
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Mark Smith
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Ketan Talaulikar
- [IPv6] Segment routing without SRH [was: Re: Rout… John Scudder
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Stefano Salsano
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Zafar Ali (zali)
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Ron Bonica
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Robert Raszuk
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Mark Smith
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Wim Henderickx (Nokia)
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Ron Bonica
- Re: [IPv6] Segment routing without SRH [was: Re: … Tom Herbert
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Ron Bonica
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Mark Smith
- Re: [IPv6] Segment routing without SRH [was: Re: … Suresh Krishnan
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Robert Raszuk
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Robert Raszuk
- Re: [IPv6] Segment routing without SRH [was: Re: … Tom Herbert
- Re: [IPv6] Routing Headers and limited domains (W… Mark Smith
- Re: [IPv6] Routing Headers and limited domains (W… Tom Herbert
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Mark Smith
- [IPv6] pcap{ng} for RFC Michael Richardson
- Re: [IPv6] Routing Headers and limited domains (W… Tom Herbert
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Tom Herbert
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Tom Herbert
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Robert Raszuk
- Re: [IPv6] Routing Headers and limited domains (W… Ron Bonica
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Tony Przygienda
- Re: [IPv6] Adoption call for draft-bonica-6man-co… Wim Henderickx (Nokia)