IETF Logo Mail Archive

Re: Proposal for changing how IPv6 Hop-by-Hop Options are processed

Fernando Gont <fernando@gont.com.ar> Tue, 08 December 2020 01:10 UTC

Return-Path: <fernando@gont.com.ar>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E83C3A0D39 for <ipv6@ietfa.amsl.com>; Mon, 7 Dec 2020 17:10:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sp7_KwBB9nQn for <ipv6@ietfa.amsl.com>; Mon, 7 Dec 2020 17:10:10 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40E253A0D3A for <ipv6@ietf.org>; Mon, 7 Dec 2020 17:10:09 -0800 (PST)
Received: from [192.168.1.5] (unknown [190.179.27.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id E9F7C284686; Tue, 8 Dec 2020 01:10:01 +0000 (UTC)
Subject: Re: Proposal for changing how IPv6 Hop-by-Hop Options are processed
To: Tom Herbert <tom@herbertland.com>, "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
Cc: "otroan@employees.org" <otroan@employees.org>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, 6man WG <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
References: <37cde639d1d0427191843454e040979d@boeing.com> <CALx6S34Aj=Z-wAMDfuA7pXA9ceUigLGSnqhRGNoss7q2f2kYbg@mail.gmail.com>
From: Fernando Gont <fernando@gont.com.ar>
Message-ID: <70968e33-4351-e9d4-cf2b-394db703db78@gont.com.ar>
Date: Mon, 07 Dec 2020 21:18:03 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <CALx6S34Aj=Z-wAMDfuA7pXA9ceUigLGSnqhRGNoss7q2f2kYbg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/cTWDwol_FDpqRWTXYFVmTEzmv_g>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Dec 2020 01:10:12 -0000

Hi, Tom,

On 7/12/20 13:21, Tom Herbert wrote:
[...]
>>
>> The real strength of Postel's law is the second clause moreso than the first. Application
>> of the second clause per my proposed text will naturally guide application of the first
>> clause in cases where the sender actually does want the HbH option processed. In
>> other cases, the second clause ensures correct operation for the receiver.
>>
> Fred,
> 
> The receive clause of the Robustness principle is only applicable
> within the bounds of the protocol requirements. RFC8200 is specific
> that HBH must be first and there can only be one HBH in a packet. A
> receive path may be implemented assuming these requirements such that
> they never have to consider the possibility of HBH appearing elsewhere
> in a packet. In fact, that is how Linux implemented HBH handling by
> making a special case different from all the other possible next
> headers. Looking at the code, I suspect that if a Linux host receives
> a packet with HBH EH not immediately following the IPv6 header, the
> packet will be dropped as having an unrecognized next header. I don't
> believe this behavior is non-conformant or is inconsistent with
> Postel's law.

FWIW, the benefits of Postel's Law to produce interoperable 
implementations is well known. That said, the same law has been 
challenged in recent times for resulting in increased complexity, 
inconsistent behavior and, ultimately, reduced security.

At the very least, as others have noted, I'd like to know what's the 
problem that relaxing RFC8200 would buy us. Relaxing the spec for no 
concrete reason doesn't seem like a good idea to me.

Thanks,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

v2.23.0 | Report a Bug | By Email