Re: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments
David Farmer <farmer@umn.edu> Fri, 19 November 2021 16:26 UTC
From: David Farmer <farmer@umn.edu>
Date: Fri, 19 Nov 2021 10:26:09 -0600
Message-ID: <CAN-Dau35aE1Fh3r53NbTOmv3NaTXsmWfGiAkC1Nw2gc+4mZ0tw@mail.gmail.com>
Subject: Re: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments
To: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, IPv6 List <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/e2AHvNzLWM8yKHuk0cbGQIl3964>

Well, then put it in your AERO/OMNI header, don't overload the fragmentation header with it.

On Fri, Nov 19, 2021 at 10:18 AM Templin (US), Fred L <Fred.L.Templin@boeing.com> wrote:

> I am sorry Mark, but this is not AH – the AERO/OMNI identification mechanism is modeled after the way TCP peers negotiate sequence number windows, with the expectation that the peers may renegotiate sequence numbers frequently to keep the attack surface unpredictable. Please do not make blanket statements without reading documents.
>
> Fred
>
> *From:* Mark Smith [mailto:markzzzsmith@gmail.com]
> *Sent:* Friday, November 19, 2021 7:53 AM
> *To:* Templin (US), Fred L <Fred.L.Templin@boeing.com>
> *Cc:* Nick Hilliard <nick@foobar.org>; IPv6 List <ipv6@ietf.org>
> *Subject:* [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments
>
> EXT email: be mindful of links/attachments.
>
> On Sat, 20 Nov 2021, 02:32 Templin (US), Fred L, <Fred.L.Templin@boeing.com> wrote:
>
> Thanks Mark, but I don’t want AH; I want AERO/OMNI. I want the Identifications to serve the dual purpose of supporting the fragmentation/reassembly process and providing an in-window value that recipients can use to detect spurious packets. And, I want the same mechanism used for packets of all sizes, up to and including jumbos.
>
> AH + JG
>
> Done. No reinventing wheels.
>
> Fred
>
> *From:* Mark Smith [mailto:markzzzsmith@gmail.com]
> *Sent:* Thursday, November 18, 2021 4:11 PM
> *To:* Templin (US), Fred L <Fred.L.Templin@boeing.com>
> *Cc:* Nick Hilliard <nick@foobar.org>; IPv6 List <ipv6@ietf.org>
> *Subject:* Re: Transmission of IPv6 Jumbograms as Atomic Fragments
>
> On Fri, 19 Nov 2021, 07:12 Templin (US), Fred L, <Fred.L.Templin@boeing.com> wrote:
>
> Nick,
>
> > Do you have a use case in mind for the ID field?
>
> Thank you for this timely question. I just got done posting a major update to the draft, which now is titled: "IPv6 Packet Identification" and considers all forms of IPv6 packets and not just Jumbograms. In answer to your question here is the new Section 2 text from the draft (link provided below):
>
> "2. IPv6 Packet Identification
>
> When IPv6 sources and destinations have some way of maintaining "windows" of acceptable Identification values, the destination may be able to examine received packet Identifications to determine whether they likely originated from the source.
>
> This seems to be describing the sequence number verification used in IPsec AH per RFC 4302.
>
> It may be worth either just using AH as is, and getting all of its other benefits, or look at creating a simplified version of it rather than modifying the jumbogram EH to start duplicating existing AH functionality.
>
> According to RFC 4302 there are a range of reserved SPI values (1 through 255), you could use one of those to indicate a light weight version of AH that just does packet identification, avoiding the need to set up Security Associations with IKE.
>
> Regards,
> Mark.
>
> The AERO [I-D.templin-6man-aero] and OMNI [I-D.templin-6man-omni] specifications discuss methods for maintaining windows of unpredictable values that may reduce attack profiles in some environments."
>
> Thanks, and here is the draft URL:
>
> https://datatracker.ietf.org/doc/draft-templin-6man-jumbofrag/
>
> Fred
>
> > -----Original Message-----
> > From: Nick Hilliard [mailto:nick@foobar.org]
> > Sent: Thursday, November 18, 2021 9:16 AM
> > To: Templin (US), Fred L <Fred.L.Templin@boeing.com>
> > Cc: IPv6 List <ipv6@ietf.org>
> > Subject: Re: Transmission of IPv6 Jumbograms as Atomic Fragments
> >
> > Templin (US), Fred L wrote on 18/11/2021 15:23:
> > > Bob, what I want is exactly the Identification field that is found in the Fragment Header
> > > while simply leaving the rest of the fields of that header set to 0
> >
> > Do you have a use case in mind for the ID field?
> >
> > Nick
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

--
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
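
Added example, not part of the thread or of either draft: a receiver-side sliding-window check of the kind the quoted reply points to (sequence number verification in AH, RFC 4302), applied to a 32-bit value such as the Fragment Header Identification. The window size, the max_ahead bound, the class and function names and the sample values are assumptions; 32-bit wraparound and AERO/OMNI window negotiation are not modelled.

```python
# Added example: receiver-side sliding window over 32-bit values, after the
# RFC 4302 anti-replay scheme. Sizes and names are assumptions, not from a spec.

class IdentificationWindow:
    def __init__(self, first, size=64, max_ahead=1024):
        self.floor = first          # values below the agreed start are never valid
        self.top = first - 1        # highest value accepted so far (right edge)
        self.size = size            # how far behind `top` a late packet may be
        self.max_ahead = max_ahead  # how far ahead of `top` a packet may jump
        self.bitmap = 0             # bit i set => value (top - i) already accepted
        self.mask = (1 << size) - 1

    def check(self, ident):
        """Return 'accept', 'replay', 'stale' or 'ahead' and update state."""
        if ident < self.floor:
            return "stale"
        if ident > self.top:
            shift = ident - self.top
            if shift > self.max_ahead:
                # AH moves its window only after the ICV verifies. With no
                # integrity check, a forged far-ahead value would otherwise
                # drag the window forward and strand legitimate traffic.
                return "ahead"
            if shift >= self.size:
                self.bitmap = 1     # jump of a full window: no history to keep
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.top = ident
            return "accept"
        offset = self.top - ident
        if offset >= self.size:
            return "stale"          # fell off the left edge of the window
        if (self.bitmap >> offset) & 1:
            return "replay"         # this exact value was already accepted
        self.bitmap |= 1 << offset
        return "accept"             # late but in-window and not seen before


def classify(values, first, **kwargs):
    """Run a sequence of received values through one fresh window."""
    window = IdentificationWindow(first, **kwargs)
    return [window.check(v) for v in values]


# Constructed sample: in-order, reordered, duplicated, old and wild values.
SAMPLE = [1000, 1003, 1001, 1001, 1002, 1100, 1003, 999, 500000, 1101]

if __name__ == "__main__":
    for value, verdict in zip(SAMPLE, classify(SAMPLE, first=1000)):
        print(value, verdict)
```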