Re: SRH insertion vs SRH insertion + encapsulation

Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 07 September 2019 23:47 UTC

Subject: Re: SRH insertion vs SRH insertion + encapsulation
To: Fernando Gont <fgont@si6networks.com>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, Robert Raszuk <robert@raszuk.net>, Mark Smith <markzzzsmith@gmail.com>
Cc: draft-voyer-6man-extension-header-insertion <draft-voyer-6man-extension-header-insertion@ietf.org>, "6man@ietf.org" <6man@ietf.org>
References: <CAOj+MMETQa=OfovZak35VfnY+T6qzU9BxAhmFMXz1b7kSppyQg@mail.gmail.com> <CAO42Z2xMWN92m7iiLiEW2AFCx0iCMGAa_BvsRwzCzb_BnuzWhA@mail.gmail.com> <CAOj+MMGOKUjRFFq8Y977OV47x6qtCvSUixQh-7sgwAQidrtdPw@mail.gmail.com> <BYAPR05MB5463306B3328F460C2417764AEB50@BYAPR05MB5463.namprd05.prod.outlook.com> <49dd15de-3985-babe-028a-6f2ac9bbe76b@si6networks.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <45941268-1040-0c0f-0452-f9adbc391611@gmail.com>
Date: Sun, 08 Sep 2019 11:47:31 +1200
In-Reply-To: <49dd15de-3985-babe-028a-6f2ac9bbe76b@si6networks.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/cgy22D-TN0NG2IE1zZF49P9CCks>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>

Hi Fernando,

On 08-Sep-19 11:11, Fernando Gont wrote:
> On 8/9/19 01:52, Ron Bonica wrote:
> [...]
>>
>> IMHO, EH insertion modifies the semantics of the IPv6 source address.
>> Today, the IPv6 source address indicates the source of an IP packet and
>> **ALL** of its contents. If transit routers are allowed to insert
>> extension headers, downstream routers can no longer identify the source
>> of a packet and all of its contents.
>>
>> Granted, in some cases, transit routers are allowed to modify a packet
>> (e.g., Hop Count, DHCP, mutable options). But there is a big difference
>> between changing a field whose value is known to be mutable and inserting
>> a new option.
> 
> Indeed, it's a major modification (besides the associated issues that
> have been pointed out a number of times by several folks).

It's explicitly forbidden by RFC8200 plus the fact that option length is
immutable according to IPsec. So the issue is pretty black and white
in terms of the standards track.

> That's why I think it's not even in the scope of 6man.

6man "is not chartered to develop major changes or additions
to the IPv6 specifications." Of course it's a matter of judgment,
but I agree that changing this is "major".

Look, this is one of the reasons we wrote
https://tools.ietf.org/html/draft-carpenter-limited-domains
which is currently being considered as an Independent Submission.
If the community wants to standardise mechanisms that are *not*
intended to work across the open Internet, we need to make that
clear, and specify how it works safely and securely. That's a
community choice, not a WG choice, IMHO.

Regards
   Brian
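
The contrast the subject line draws, as an added example that is not part of the original thread, of any IETF draft, or of Brian's message: a simplified AH-style integrity check computed by the source host over an IPv6 packet, then the same packet after a transit node (a) splices an SRH into it and (b) encapsulates it in a new IPv6 header instead. The ICV here is a truncated HMAC over the packet with Hop Limit zeroed and is carried out of band; it does not reproduce the exact RFC 4302 procedure. Key, addresses, segment list and payload are constructed sample data.

```python
"""Added example: why in-flight SRH insertion breaks an end-to-end integrity
check while SRH insertion via encapsulation does not.  Simplified model of an
AH ICV (RFC 4302) and of the SRH (RFC 8754); not the exact procedures."""
import hashlib
import hmac
import ipaddress
import struct

IPPROTO_HOPOPTS, IPPROTO_ROUTING, IPPROTO_DSTOPTS = 0, 43, 60
IPPROTO_IPV6, IPPROTO_UDP = 41, 17
EXT_HEADERS = {IPPROTO_HOPOPTS, IPPROTO_ROUTING, IPPROTO_DSTOPTS}
SRH_ROUTING_TYPE = 4
KEY = b"constructed-demo-key"  # hypothetical key shared by the two end hosts


def addr(a):
    return a if isinstance(a, bytes) else ipaddress.IPv6Address(a).packed


def ipv6_hdr(src, dst, nh, payload_len, hop_limit=64):
    # Fixed 40-byte header; traffic class and flow label are left at zero.
    return struct.pack("!IHBB", 6 << 28, payload_len, nh, hop_limit) + addr(src) + addr(dst)


def srh(segments, nh):
    # Segments are in SRH order: segments[-1] is the first segment to visit.
    # Hdr Ext Len counts 8-octet units after the first 8; a segment is 2 units.
    n = len(segments)
    fixed = struct.pack("!BBBBBBH", nh, 2 * n, SRH_ROUTING_TYPE, n - 1, n - 1, 0, 0)
    return fixed + b"".join(addr(s) for s in segments)


def header_chain(pkt):
    # Walk the extension-header chain; return the protocol numbers seen and
    # the offset of the first header that is not an extension header.
    chain, nh, off = [], pkt[6], 40
    while True:
        chain.append(nh)
        if nh not in EXT_HEADERS:
            return chain, off
        nh, ext_len = pkt[off], pkt[off + 1]
        off += (ext_len + 1) * 8


def canonical(pkt):
    # AH-style immutable view: only Hop Limit (byte 7) is zeroed.  Payload
    # Length, Next Header, both addresses and every later byte are covered.
    return pkt[:7] + b"\x00" + pkt[8:]


def sign(pkt):
    # 96-bit truncated HMAC-SHA256 standing in for the AH ICV.
    return hmac.new(KEY, canonical(pkt), hashlib.sha256).digest()[:12]


def verify(pkt, icv):
    return hmac.compare_digest(sign(pkt), icv)


def insert_srh(pkt, segments):
    # "SRH insertion": a transit node splices an SRH behind the base header,
    # keeps the original Source Address, and points the Destination Address
    # at the first segment.  segments[0] must be the original destination.
    nh, payload_len = pkt[6], struct.unpack("!H", pkt[4:6])[0]
    ext = srh(segments, nh)
    new_hdr = ipv6_hdr(pkt[8:24], segments[-1], IPPROTO_ROUTING, payload_len + len(ext))
    return new_hdr + ext + pkt[40:]


def encapsulate(pkt, outer_src, segments):
    # "SRH insertion + encapsulation": the original packet travels intact as
    # the payload (Next Header 41) of a header the transit node authors under
    # its own Source Address.
    ext = srh(segments, IPPROTO_IPV6)
    outer = ipv6_hdr(outer_src, segments[-1], IPPROTO_ROUTING, len(ext) + len(pkt))
    return outer + ext + pkt


def decapsulate(pkt):
    chain, off = header_chain(pkt)
    if chain[-1] != IPPROTO_IPV6:
        raise ValueError("not an IPv6-in-IPv6 packet")
    return pkt[off:]


def demo():
    src, dst = "2001:db8::1", "2001:db8::2"
    payload = struct.pack("!HHHH", 4660, 53, 27, 0) + b"constructed payload"  # UDP
    pkt = ipv6_hdr(src, dst, IPPROTO_UDP, len(payload)) + payload
    icv = sign(pkt)                                        # computed by the source host
    waypoints = ["2001:db8:ffff::2", "2001:db8:ffff::1"]   # ffff::1 is visited first
    inserted = insert_srh(pkt, [dst] + waypoints)
    encapsulated = encapsulate(pkt, "2001:db8:ffff::a", waypoints)
    return {
        "original_verifies": verify(pkt, icv),
        "inserted_verifies": verify(inserted, icv),
        "inner_after_decap_verifies": verify(decapsulate(encapsulated), icv),
        "inserted_chain": header_chain(inserted)[0],
        "encapsulated_chain": header_chain(encapsulated)[0],
        # which Source Address now vouches for the SRH bytes:
        "inserted_src": str(ipaddress.IPv6Address(inserted[8:24])),
        "outer_src": str(ipaddress.IPv6Address(encapsulated[8:24])),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The inserted packet still carries 2001:db8::1 as its Source Address although that host never emitted the SRH, the new Payload Length or the new Next Header, so its ICV no longer verifies and the receiver has no way to tell a legitimate insertion from tampering. The encapsulated packet keeps the inner packet byte-for-byte, so the inner ICV verifies after decapsulation, and the SRH is attributable to the outer Source Address that wrote it.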