Re: [IPv6] I-D Action: draft-ietf-6man-comp-rtg-hdr-00.txt

Ron Bonica <rbonica@juniper.net> Mon, 01 January 2024 16:04 UTC

From: Ron Bonica <rbonica@juniper.net>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, 6man <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/gwVPNZgfbJBcUw4PZ6ijlQSGyvU>

Brian,

Good point! Could this issue be addressed by adding the following text to the beginning of the Security Considerations Section:

"In this document, a node that processes the CRH is in the same trust domain as another node if one of the following is true:

- Both nodes are operated by the same party.
- Each node is operated by a different party and the two parties maintain a special trust agreement with regard to the CRH."

Ron


-----Original Message-----
From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Brian E Carpenter
Sent: Monday, November 20, 2023 9:35 PM
To: 6man <ipv6@ietf.org>
Subject: Re: [IPv6] I-D Action: draft-ietf-6man-comp-rtg-hdr-00.txt


Hi,

I am a bit puzzled. The vague reference to a limited domain has gone, which is fine. But the only thing that relates to that issue is a statement in the Security Considerations that:

"... nodes MUST discard packets containing the CRH when both of the following conditions are true:

The Source Address does not identify an interface on a trusted node.

The Destination Address identifies an interface on the local node."

The term "trusted node" is not defined; in fact there is no discussion whatever of the trust model and how trust is established (and how forged source addresses are avoided). I think the chances of this draft surviving a Security Area review are very small.

Regards
    Brian Carpenter

On 21-Nov-23 14:28, internet-drafts@ietf.org wrote:
> Internet-Draft draft-ietf-6man-comp-rtg-hdr-00.txt is now available.
> It is a work item of the IPv6 Maintenance (6MAN) WG of the IETF.
>
>     Title:   The IPv6 Compact Routing Header (CRH)
>     Authors: Ron Bonica
>              Yuji Kamite
>              Andrew Alston
>              Daniam Henriques
>              Luay Jalil
>     Name:    draft-ietf-6man-comp-rtg-hdr-00.txt
>     Pages:   15
>     Dates:   2023-11-20
>
> Abstract:
>
>     This document describes an experiment in which two new IPv6 Routing
>     headers are implemented and deployed.  Collectively, they are called
>     the Compact Routing Headers (CRH).  Individually, they are called
>     CRH-16 and CRH-32.
>
>     One purpose of this experiment is to demonstrate that the CRH can be
>     implemented and deployed in a production network.  Another purpose is
>     to demonstrate that the security considerations, described in this
>     document, can be addressed with access control lists.  Finally, this
>     document encourages replication of the experiment.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-6man-comp-rtg-hdr/
>
> There is also an HTMLized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-6man-comp-rtg-hdr-00
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
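
The discard rule quoted in the thread, evaluated with "trusted node" read as membership in a list of source prefixes, as an added example (not code from the draft or from either poster). Assumptions: Next Header 43 for the Routing header, Routing Types 5 and 6 for CRH-16 and CRH-32, trust expressed as prefixes, and the constructed 2001:db8:: sample packets.

```python
import ipaddress
import struct

ROUTING = 43             # Routing header, Next Header value (RFC 8200)
CRH_TYPES = {5, 6}       # assumed: IANA Routing Types for CRH-16 and CRH-32
GENERIC_EXT = {0, 60, ROUTING}  # headers laid out as (next header, hdr ext len, ...)

def has_crh(packet: bytes) -> bool:
    """Walk the extension header chain and report whether a CRH is present.
    The walk stops at the first header outside GENERIC_EXT (Fragment, AH,
    upper layer), so a CRH placed after one of those is not seen."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off = packet[6], 40
    while nxt in GENERIC_EXT:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nxt == ROUTING and packet[off + 2] in CRH_TYPES:
            return True
        nxt, off = packet[off], off + 8 * (packet[off + 1] + 1)
    return False

def must_discard(packet, trusted_prefixes, local_addrs) -> bool:
    """The quoted rule: CRH present, source not trusted, destination local."""
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    trusted = any(src in net for net in trusted_prefixes)
    return has_crh(packet) and not trusted and dst in local_addrs

def build(src: str, dst: str, rtype: int) -> bytes:
    """Constructed sample: IPv6 header plus one 8-byte Routing header."""
    rh = bytes([59, 0, rtype, 1]) + bytes(4)  # no next header, len 0, type, segs left
    fixed = struct.pack("!IHBB", 6 << 28, len(rh), ROUTING, 64)
    pack = lambda a: ipaddress.IPv6Address(a).packed
    return fixed + pack(src) + pack(dst) + rh

# Constructed trust domain: one operator prefix, one local interface address.
TRUSTED = [ipaddress.ip_network("2001:db8:a::/48")]
LOCAL = {ipaddress.IPv6Address("2001:db8:a::1")}

def demo():
    cases = {
        "outside source, local destination": ("2001:db8:b::9", "2001:db8:a::1", 5),
        "source inside trusted prefix": ("2001:db8:a::7", "2001:db8:a::1", 5),
        "outside source, transit packet": ("2001:db8:b::9", "2001:db8:a::2", 6),
        "outside source, non-CRH routing type": ("2001:db8:b::9", "2001:db8:a::1", 4),
    }
    return {k: must_discard(build(*v), TRUSTED, LOCAL) for k, v in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'discard' if verdict else 'no discard'}")
```

The second case returns the same verdict whether the in-prefix source address is genuine or forged: the rule by itself cannot tell them apart, so the definition of "trusted" has to be backed by source address filtering at the edge of the trust domain.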