Re: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments

David Farmer <farmer@umn.edu> Fri, 19 November 2021 16:26 UTC

From: David Farmer <farmer@umn.edu>
Date: Fri, 19 Nov 2021 10:26:09 -0600
Message-ID: <CAN-Dau35aE1Fh3r53NbTOmv3NaTXsmWfGiAkC1Nw2gc+4mZ0tw@mail.gmail.com>
Subject: Re: [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic Fragments
To: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, IPv6 List <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/e2AHvNzLWM8yKHuk0cbGQIl3964>

Well, then put it in your AERO/OMNI header, don't overload the
fragmentation header with it.

On Fri, Nov 19, 2021 at 10:18 AM Templin (US), Fred L <
Fred.L.Templin@boeing.com> wrote:

> I am sorry Mark, but this is not AH – the AERO/OMNI identification
> mechanism is modeled after the way TCP peers negotiate sequence number
> windows, with the expectation that the peers may renegotiate sequence
> numbers frequently to keep the attack surface unpredictable. Please do not
> make blanket statements without reading documents.
>
>
>
> Fred
>
>
>
> *From:* Mark Smith [mailto:markzzzsmith@gmail.com]
> *Sent:* Friday, November 19, 2021 7:53 AM
> *To:* Templin (US), Fred L <Fred.L.Templin@boeing.com>
> *Cc:* Nick Hilliard <nick@foobar.org>; IPv6 List <ipv6@ietf.org>
> *Subject:* [EXTERNAL] Re: Transmission of IPv6 Jumbograms as Atomic
> Fragments
>
>
>
> On Sat, 20 Nov 2021, 02:32 Templin (US), Fred L, <
> Fred.L.Templin@boeing.com> wrote:
>
> Thanks Mark, but I don’t want AH; I want AERO/OMNI. I want the
> Identifications to serve the dual purpose of supporting the
> fragmentation/reassembly process and providing an in-window value that
> recipients can use to detect spurious packets. And, I want the same
> mechanism used for packets of all sizes, up to and including jumbos.
>
>
>
> AH + JG
>
>
>
> Done. No reinventing wheels.
>
>
>
>
>
> Fred
>
>
>
> *From:* Mark Smith [mailto:markzzzsmith@gmail.com]
> *Sent:* Thursday, November 18, 2021 4:11 PM
> *To:* Templin (US), Fred L <Fred.L.Templin@boeing.com>
> *Cc:* Nick Hilliard <nick@foobar.org>; IPv6 List <ipv6@ietf.org>
> *Subject:* Re: Transmission of IPv6 Jumbograms as Atomic Fragments
>
>
>
> On Fri, 19 Nov 2021, 07:12 Templin (US), Fred L, <
> Fred.L.Templin@boeing.com> wrote:
>
> Nick,
>
> > Do you have a use case in mind for the ID field?
>
> Thank you for this timely question. I just got done posting a major update
> to the draft, which now is titled: "IPv6 Packet Identification" and
> considers all forms of IPv6 packets and not just Jumbograms. In answer to
> your question here is the new Section 2 text from the draft (link provided
> below):
>
> "2.  IPv6 Packet Identification
>
>    When IPv6 sources and destinations have some way of maintaining
>    "windows" of acceptable Identification values, the destination may be
>    able to examine received packet Identifications to determine whether
>    they likely originated from the source.
>
>
>
> This seems to be describing the sequence number verification used in IPsec
> AH per RFC 4302.
>
>
>
> It may be worth either just using AH as is, and getting all of its other
> benefits, or look at creating a simplified version of it rather than
> modifying the jumbogram EH to start duplicating existing AH functionality.
>
>
>
> According to RFC 4302 there are a range of reserved SPI values (1 through
> 255), you could use one of those to indicate a lightweight version of AH
> that just does packet identification, avoiding the need to set up Security
> Associations with IKE.
>
>
>
> Regards,
>
> Mark.
>
>
>
> The AERO
>    [I-D.templin-6man-aero] and OMNI [I-D.templin-6man-omni]
>    specifications discuss methods for maintaining windows of
>    unpredictable values that may reduce attack profiles in some
>    environments."
>
> Thanks, and here is the draft URL:
>
> https://datatracker.ietf.org/doc/draft-templin-6man-jumbofrag/
>
> Fred
>
> > -----Original Message-----
> > From: Nick Hilliard [mailto:nick@foobar.org]
> > Sent: Thursday, November 18, 2021 9:16 AM
> > To: Templin (US), Fred L <Fred.L.Templin@boeing.com>
> > Cc: IPv6 List <ipv6@ietf.org>
> > Subject: Re: Transmission of IPv6 Jumbograms as Atomic Fragments
> >
> >
> > Templin (US), Fred L wrote on 18/11/2021 15:23:
> > > Bob, what I want is exactly the Identification field that is found in the Fragment Header
> > > while simply leaving the rest of the fields of that header set to 0
> >
> > Do you have a use case in mind for the ID field?
> >
> > Nick
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>


-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
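
The check debated in this thread, as an added example that is not code from any of the posters or from the draft: a receiver parses the 8-octet IPv6 Fragment header (RFC 8200), confirms it is an atomic fragment (offset 0, M = 0), and tests the Identification against a window of acceptable values using wrap-safe 32-bit arithmetic. The `id_window` structure, the `classify` function and the sample bytes are assumptions made for illustration; how AERO/OMNI peers negotiate the window is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Fields of the IPv6 Fragment extension header (RFC 8200, section 4.5). */
struct frag_hdr {
    uint8_t  next_header;
    uint16_t offset;   /* Fragment Offset, in 8-octet units */
    bool     more;     /* M flag */
    uint32_t id;       /* Identification */
};

/* Hypothetical receive window: accept IDs in [base, base + size) mod 2^32. */
struct id_window { uint32_t base; uint32_t size; };

enum verdict { V_ACCEPT, V_NOT_ATOMIC, V_OUT_OF_WINDOW, V_MALFORMED };

/* Returns 0 on success, -1 if the buffer cannot hold a Fragment header. */
int parse_frag_hdr(const uint8_t *p, size_t len, struct frag_hdr *out)
{
    if (p == NULL || out == NULL || len < 8)
        return -1;
    uint16_t off_flags = (uint16_t)((p[2] << 8) | p[3]);
    out->next_header = p[0];
    out->offset = off_flags >> 3;          /* top 13 bits */
    out->more = (off_flags & 0x1) != 0;    /* lowest bit */
    out->id = ((uint32_t)p[4] << 24) | ((uint32_t)p[5] << 16) |
              ((uint32_t)p[6] << 8)  |  (uint32_t)p[7];
    return 0;
}

bool id_in_window(const struct id_window *w, uint32_t id)
{
    /* Unsigned subtraction wraps, so a window that straddles 2^32 works. */
    return (uint32_t)(id - w->base) < w->size;
}

/* Classify one received Fragment header against the current window. */
enum verdict classify(const uint8_t *p, size_t len, const struct id_window *w)
{
    struct frag_hdr h;
    if (parse_frag_hdr(p, len, &h) != 0)
        return V_MALFORMED;
    if (h.offset != 0 || h.more)           /* not an atomic fragment */
        return V_NOT_ATOMIC;
    return id_in_window(w, h.id) ? V_ACCEPT : V_OUT_OF_WINDOW;
}

/* Constructed sample: atomic fragment, Next Header 6, Identification 5. */
static const uint8_t sample_atomic[8] = {0x06, 0, 0, 0, 0, 0, 0, 0x05};
```

An in-window Identification only filters packets from senders who cannot observe or predict the window; it provides no integrity protection, which is the property AH adds.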