Re: oversized-header-chains: Receipt of illegal first-fragments

"Fred Baker (fred)" <> Wed, 18 July 2012 21:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E77AF11E809B for <>; Wed, 18 Jul 2012 14:02:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -110.605
X-Spam-Status: No, score=-110.605 tagged_above=-999 required=5 tests=[AWL=-0.006, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id c7bOH+QMdFbE for <>; Wed, 18 Jul 2012 14:02:38 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 9A53211E819B for <>; Wed, 18 Jul 2012 14:02:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=2703; q=dns/txt; s=iport; t=1342645408; x=1343855008; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=qybPfB05uQMyy8B6CtlCY8LDWqQY0aRiad3F/+9Gyhc=; b=J2/Enp/55P0kJmHL5MA59ontunyqiR31Kj0PJessr9s3OEdv4aKN9Rq6 dDJWCTD1I53ArZxfHp+wOO0zRr9TXPS4AvFdIP2RsDRfsTyGX0bv51DlT t+tW7FJap6FSBJAUUriwh8JdHjs0sMZ3x3Ca8OeA1OFAfpBwQtsm68IS1 A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="4.77,611,1336348800"; d="scan'208";a="103183960"
Received: from ([]) by with ESMTP; 18 Jul 2012 21:03:25 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id q6IL3P6u029904 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 18 Jul 2012 21:03:25 GMT
Received: from ([]) by ([]) with mapi id 14.02.0298.004; Wed, 18 Jul 2012 16:03:24 -0500
From: "Fred Baker (fred)" <>
To: Fernando Gont <>
Subject: Re: oversized-header-chains: Receipt of illegal first-fragments
Thread-Topic: oversized-header-chains: Receipt of illegal first-fragments
Thread-Index: AQHNZSUtNouozLlO+0+wf0KlZ63Ba5cv2w4A
Date: Wed, 18 Jul 2012 21:03:27 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-tm-as-product-ver: SMEX-
x-tm-as-result: No--43.116100-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "" <>
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 18 Jul 2012 21:02:39 -0000

On Jul 18, 2012, at 1:36 PM, Fernando Gont wrote:

> Folks,
> There's one issue that came up during my recent exchange with Suresh on
> which I'd like others (including Suresh) to weigh in:
> Since first-fragments that fail to include the entire header chain will
> be illegal, I think it would be appropriate to include an additional
> requirement in draft-ietf-6man-oversized-header-chain along the lines of:
> "A host that receives a first-fragment that fails to include the entire
> IPv6 header chain MUST silently drop the aforementioned fragment".
> Clearly, since such packets are illegal, they shouldn't exist in the
> first place... so dropping them makes sense.
> Thoughts?

I would say "SHOULD", but I'm OK with the fundamental statement. The Robustness Principle has some built-in tension: "be liberal in what you accept and conservative in what you send" often works out to mean "accept a technically-illegal message if you can work out an unambiguous intent"; what you are saying is to "be strict in what you accept", which in this case is (as you suggest) probably the right thing to do.

The distinction between "SHOULD" and "MUST" is a little of a chinese wall. The rule I use, which is neither specified nor universal, is that I say something "MUST" be obeyed if failing to obey results in an identifiable failure (fragmenting a DNF packet, for example, fails in that if a recipient of DNF fragments will refuse to reassemble them, this prevents communication that was intended to be supported, so a packet marked DNF "MUST" not be fragmented), and I use "SHOULD" when I would like to say "MUST" but can't identify the failure mode and therefore might have a case in which it is inappropriate. The argument for "MUST" in this case would be that there will be a reasonable chance that the recommendations of the draft will not be given teeth apart from being "strict"; the argument for "SHOULD" is that this could be handled as an exception case operationally.

> Thanks!
> Best regards,
> -- 
> Fernando Gont
> SI6 Networks
> e-mail:
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> Administrative Requests:
> --------------------------------------------------------------------

The ignorance of how to use new knowledge stockpiles exponentially. 
   - Marshall McLuhan