IETF Logo Mail Archive

Re: Next steps on Extension Header Insertion

otroan@employees.org Thu, 03 November 2016 12:54 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A905129457 for <ipv6@ietfa.amsl.com>; Thu, 3 Nov 2016 05:54:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.962
X-Spam-Level: *
X-Spam-Status: No, score=1.962 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_SORBS_WEB=3.297, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=employees.org; domainkeys=pass (1024-bit key) header.from=otroan@employees.org header.d=employees.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gAhwzraViM7C for <ipv6@ietfa.amsl.com>; Thu, 3 Nov 2016 05:54:29 -0700 (PDT)
Received: from inbound03.kjsl.com (inbound03.kjsl.com [IPv6:2001:1868:a100:131::62]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 017AC129418 for <ipv6@ietf.org>; Thu, 3 Nov 2016 05:54:28 -0700 (PDT)
Received: from cowbell.employees.org ([65.50.211.142]) by ironport03.kjsl.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Nov 2016 12:54:28 +0000
Received: from cowbell.employees.org (localhost [127.0.0.1]) by cowbell.employees.org (Postfix) with ESMTP id A5F329CC7C; Thu, 3 Nov 2016 05:54:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=employees.org; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s= selector1; bh=GpXK74RllnMzEa6Odus9Ehrv4qM=; b=I9x3S/0RWU7YBRwXcW hiinVJQy1g6mHzD0TjnE4BcPiIyVHQ4cTQN/qxhBzzbdqlBahdFPHl14IdyRtT1q u/gMO5TVwHe7MhFV/DF/KLNjFswcg0Oix0JOwRZMSYzXUGaWesVwyOrWK2CXDrV2 Vmy4f/4z3a4JhPjYWA+aqM2eM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=employees.org; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; q=dns; s= selector1; b=Dn6sgukLNsQ2Cv8MYHu3UFeCDi0MLPnT65czpnCaLRf5dLPPrQD waXZdnjYVCaTaP2fRtBcq1JF+x7qvMj8SJo+HSrrwH9F3isaZWFTKwE6NUnoyxBB 6zEdQwndkearDkLvOnTscAXXt518tyYAtuHn2mmBhif5KaQSA/Oi10bA=
Received: from h.hanazo.no (unknown [85.19.205.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: otroan) by cowbell.employees.org (Postfix) with ESMTPSA id 6894A9CC0F; Thu, 3 Nov 2016 05:54:27 -0700 (PDT)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by h.hanazo.no (Postfix) with ESMTP id EBE7B593F4BC; Thu, 3 Nov 2016 13:54:24 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
Subject: Re: Next steps on Extension Header Insertion
From: otroan@employees.org
In-Reply-To: <53FE6D80-040F-42DA-BA51-F3A40ABF248F@steffann.nl>
Date: Thu, 03 Nov 2016 13:54:24 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <5FA646CC-DD40-4D20-A6C5-AF1D5D90E563@employees.org>
References: <B291E9E6-A803-423F-BFA5-87A74DCFB784@gmail.com> <dfe00826-1bcd-80ae-e6dc-7763c506cbe4@si6networks.com> <9CA73891-B4FA-47DF-82E1-A4867DBC6A3F@steffann.nl> <3C56AA77-18E4-4254-BB6A-A447CE115392@employees.org> <CAG6TeAtJdUua3saSGz0SX7DW6hwf74yAexpnfYoP1bg6v1eywA@mail.gmail.com> <17984D1D-1A3C-4AA5-B2EC-BE5C645A272C@steffann.nl> <369FB219-9979-43CE-B83D-D7C422FC7711@employees.org> <53FE6D80-040F-42DA-BA51-F3A40ABF248F@steffann.nl>
To: Sander Steffann <sander@steffann.nl>
X-Mailer: Apple Mail (2.3251)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/i0JbbHC5ACQCcMNceBH0JtW2z7A>
Cc: Fernando Gont <fgont@si6networks.com>, Bob Hinden <bob.hinden@gmail.com>, 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2016 12:54:31 -0000

Sander,

> 
>> To paraphrase Michael Moore: "If you as a man is against gay marriage, then you do have the option of not marrying another man".
> 
> Everybody is fully entitled to their own way of life and love :)  But the analogy doesn't fit...
> 
>> In this context; you have the choice of not deploying any packet mangling middleboxes.
> 
> If the mangled packets can be contained in one administrative domain then that's fine. I think that this is the point where the disagreement starts. Standards are about interoperability: everything that goes beyond your administrative domain. I don't care what people do to packets on their network, as long as interoperability doesn't suffer: as long as other operators don't even notice.
> 
> So I think the standard should say "this is what externally observable behaviour should/must be" with the understanding that "if you deviate from the standard internally, you must make sure the rest of the world doesn't notice".
> 
> I think that's what interoperability is about: your network, your rules, but between networks we use standards-based IPv6.

What you are saying is something like:

"The IPv6 header fields described as immutable in RFC4302 MUST NOT be changed by the network. If within an administrative domain any of the immutable fields are changed, they MUST be restored on exit from the domain."

Correct?

Cheers,
Ole

PS: As an operator would you be happy if I sent packets with NH=59, SA=:: with an integrity check covering all fields apart from the HLIM field, and everything else beyond the IPv6 header (40 bytes) was encrypted?

v2.23.0 | Report a Bug | By Email