IETF Logo Mail Archive

RE: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments

"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Fri, 19 November 2021 16:18 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06D8A3A07E6 for <ipv6@ietfa.amsl.com>; Fri, 19 Nov 2021 08:18:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=boeing.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vHdPPPn2GlgD for <ipv6@ietfa.amsl.com>; Fri, 19 Nov 2021 08:18:16 -0800 (PST)
Received: from clt-mbsout-02.mbs.boeing.net (clt-mbsout-02.mbs.boeing.net [130.76.144.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFD243A07E2 for <ipv6@ietf.org>; Fri, 19 Nov 2021 08:18:14 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by clt-mbsout-02.mbs.boeing.net (8.15.2/8.15.2/DOWNSTREAM_MBSOUT) with SMTP id 1AJGI958029208; Fri, 19 Nov 2021 11:18:12 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=boeing.com; s=boeing-s1912; t=1637338692; bh=0N6EBF7TyE1agUyniCPZYZZgm0VlWcD6znTjBdASD7U=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=QhRRHCaXXkd1+8ZDqFLeUFhwPMHZXhqWvaOWZK3y6Kx3nJJpWZW2i+VUeba5PEEIy +5PEmE0jXiRmviBZHAhHzmdlLxXVpJR08FZ8r00dQLuv9eVHCm4Y7uDyZEtIAHwmLg BL2ob+iIKQYzLFakpP67AFzuV12D1ADfePrxOMqTz6ViKlyl1GyWLlcZesaHqpzflo UvwtEzxeyoe6cdNGW9X5YwEa3UmMpHi6p+OreJrm/fENwSejcol34doYqAI0Yj3bUA 2Lugi7omCQnR+XIUqh2MwtCRcAqvAVJDH7vNibuotYBNeDkA7GGqYQBvXOeD6ROJ7b GFCsyWq+cUmzg==
Received: from XCH16-07-09.nos.boeing.com (xch16-07-09.nos.boeing.com [144.115.66.111]) by clt-mbsout-02.mbs.boeing.net (8.15.2/8.15.2/8.15.2/UPSTREAM_MBSOUT) with ESMTPS id 1AJGI7HE029185 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 19 Nov 2021 11:18:07 -0500
Received: from XCH16-07-10.nos.boeing.com (144.115.66.112) by XCH16-07-09.nos.boeing.com (144.115.66.111) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.14; Fri, 19 Nov 2021 08:18:06 -0800
Received: from XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5]) by XCH16-07-10.nos.boeing.com ([fe80::1522:f068:5766:53b5%2]) with mapi id 15.01.2308.014; Fri, 19 Nov 2021 08:18:06 -0800
From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: Mark Smith <markzzzsmith@gmail.com>
CC: Nick Hilliard <nick@foobar.org>, IPv6 List <ipv6@ietf.org>
Subject: RE: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments
Thread-Topic: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments
Thread-Index: AdfdWjAHT7wxdQZH70CXpjUTcxCIdQARlzsAABAJdlA=
Date: Fri, 19 Nov 2021 16:18:06 +0000
Message-ID: <986ef062d3874a3caf9fbf19dbf55350@boeing.com>
References: <01510cc3c19b4b4b8cef41357c975fd9@boeing.com> <CAO42Z2zitj2mOzj80G_SUfukg551A64n9HnOcC2-ukCta4Ohaw@mail.gmail.com>
In-Reply-To: <CAO42Z2zitj2mOzj80G_SUfukg551A64n9HnOcC2-ukCta4Ohaw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [137.137.12.6]
x-tm-snts-smtp: 90945C61C9C623E9B0DA472C5C3B9EC9DF42308CF7AD8886477E2BDA2B6130552000:8
Content-Type: multipart/alternative; boundary="_000_986ef062d3874a3caf9fbf19dbf55350boeingcom_"
MIME-Version: 1.0
X-TM-AS-GCONF: 00
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ZvXTghJTUqVy4qfRl7x7n0PwlSY>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Nov 2021 16:18:21 -0000

I am sorry Mark, but this is not AH – the AERO/OMNI identification mechanism
is modeled after the way TCP peers negotiate sequence number windows, with
the expectation that the peers may renegotiate sequence numbers frequently to
keep the attack surface unpredictable. Please do not make blanket statements
without reading documents.

Fred

From: Mark Smith [mailto:markzzzsmith@gmail.com]
Sent: Friday, November 19, 2021 7:53 AM
To: Templin (US), Fred L <Fred.L.Templin@boeing.com>
Cc: Nick Hilliard <nick@foobar.org>; IPv6 List <ipv6@ietf.org>
Subject: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments


EXT email: be mindful of links/attachments.





On Sat, 20 Nov 2021, 02:32 Templin (US), Fred L, <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> wrote:
Thanks Mark, but I don’t want AH; I want AERO/OMNI. I want the Identifications to serve
the dual purpose of supporting the fragmentation/reassembly process and providing an
in-window value that recipients can use to detect spurious packets. And, I want the same
mechanism used for packets of all sizes, up to and including jumbos.

AH + JG

Done. No reinventing wheels.


Fred

From: Mark Smith [mailto:markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>]
Sent: Thursday, November 18, 2021 4:11 PM
To: Templin (US), Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>>
Cc: Nick Hilliard <nick@foobar.org<mailto:nick@foobar.org>>; IPv6 List <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Subject: Re: Transmission of IPv6 Jumbograms as Atomic Fragments

On Fri, 19 Nov 2021, 07:12 Templin (US), Fred L, <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> wrote:
Nick,

> Do you have a use case in mind for the ID field?

Thank you for this timely question. I just got done posting a major update to the
draft, which now is titled: "IPv6 Packet Identification" and considers all forms of
IPv6 packets and not just Jumbograms. In answer to your question here is the new
Section 2 text from the draft (link provided below):

"2.  IPv6 Packet Identification

   When IPv6 sources and destinations have some way of maintaining
   "windows" of acceptable Identification values, the destination may be
   able to examine received packet Identifications to determine whether
   they likely originated from the source.

This seems to be describing the sequence number verification used in IPsec AH per RFC 4302.

It may be worth either just using AH as is, and getting all of its other benefits, or look at creating a simplified version of it rather than modifying the jumbogram EH to start duplicating existing AH functionality.

According to RFC 4302 there are a range of reserved SPI values (1 through 255), you could use one of those to indicate a light weight version of AH that just does packet identification, avoiding the need to set up Security Associations with IKE.

Regards,
Mark.

The AERO
   [I-D.templin-6man-aero] and OMNI [I-D.templin-6man-omni]
   specifications discuss methods for maintaining windows of
   unpredictable values that may reduce attack profiles in some
   environments."

Thanks, and here is the draft URL:

https://datatracker.ietf.org/doc/draft-templin-6man-jumbofrag/

Fred

> -----Original Message-----
> From: Nick Hilliard [mailto:nick@foobar.org<mailto:nick@foobar.org>]
> Sent: Thursday, November 18, 2021 9:16 AM
> To: Templin (US), Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>>
> Cc: IPv6 List <ipv6@ietf.org<mailto:ipv6@ietf.org>>
> Subject: Re: Transmission of IPv6 Jumbograms as Atomic Fragments
>
>
> Templin (US), Fred L wrote on 18/11/2021 15:23:
> > Bob, what I want is exactly the Identification field that is found in the Fragment Header
> > while simply leaving the rest of the fields of that header set to 0
>
> Do you have a use case in mind for the ID field?
>
> Nick

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email