[IPv6]Re: Deb Cooley's Discuss on draft-ietf-6man-icmpv6-reflection-12: (with DISCUSS and COMMENT)

"Bonica, Ron" <ronald.bonica@hpe.com> Fri, 21 November 2025 17:21 UTC

From: "Bonica, Ron" <ronald.bonica@hpe.com>
To: Deb Cooley <debcooley1@gmail.com>
Date: Fri, 21 Nov 2025 17:21:33 +0000
CC: The IESG <iesg@ietf.org>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>, "draft-ietf-6man-icmpv6-reflection@ietf.org" <draft-ietf-6man-icmpv6-reflection@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/jSxDEdEaP1BQeMy5zD2njicAYXs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6>

Deb,

Responses inline.....

                         Ron


________________________________
From: Deb Cooley <debcooley1@gmail.com>
Sent: Friday, November 21, 2025 6:55 AM
To: Bonica, Ron <ronald.bonica@hpe.com>
Cc: The IESG <iesg@ietf.org>; 6man-chairs@ietf.org <6man-chairs@ietf.org>; draft-ietf-6man-icmpv6-reflection@ietf.org <draft-ietf-6man-icmpv6-reflection@ietf.org>; furry13@gmail.com <furry13@gmail.com>; ipv6@ietf.org <ipv6@ietf.org>
Subject: Re: Deb Cooley's Discuss on draft-ietf-6man-icmpv6-reflection-12: (with DISCUSS and COMMENT)

If that is true, then what is the value add provided by this specification? Specifically, if ICMPv6 responses provide a copy of the request in the reply, isn't that a 'reflection' already? No extension required.

RB> Ketan and I have discussed this issue at length. The IESG was copied.

Currently, ICMP error messages include an "original data field." This field contains an image of the eliciting packet, as it was when it arrived at the node that sent the ICMP error message. As you point out, this is exactly the information that the sender of the original packet requires.

IETF RFCs instruct middle boxes (specifically NATs) to modify the ICMP error message's original data field. So, when the ICMP error message arrives at its destination,  the original data field contents are unreliable. If the ICMP error message traversed a NAT on route to its destination, the original data field does contains an image of the eliciting packet, as it was when it arrived at the node that sent the ICMP error message.

The current draft addresses this problem by introducing a new ICMP Extension Structure Object. This object, like the original data field, contains an image of the eliciting packet, as it was when it arrived at the node that sent the response. The IETF should never write an RFC instructing middle boxes to modify this object on route to its destination. Therefore, when this object arrives at its destination, its contents should be reliable.


As has been said in other ballots, limiting the size of the response, and possibly set patterns might reduce the ease of exploitation.

RB> In order to prevent amplification attacks, the size of the response is always equal to the size of the request. As with all ICMP messages, the message size must not exceed 1280 bytes. As with all ICMP messages, this one is rate-limited.

In my mind, the existence of a linked bidirectional channel, and the opportunity of malicious injection and/or modification into that channel are the issues I would like to see addressed in a comprehensive fashion in Sec Con.

RB> I would be glad to write that section, but I need a little help. Am I correct that I would have to begin by identifying the vulnerabilities introduced by this draft that do not exist in plain old PING? If so, could you help me identify those vulnerabilities?

I like the rewording of the Intro para and the removal of the last part of Section 4.  [middleboxes, i.e. firewalls and guards, will not be adhering to your specification if there is a perceived security risk.]

RB> Thanks.

I also have little expectation that this mechanism will be allowed to traverse the network unhindered.  It is much easier to block it than to actually filter to reduce the possibility of exfil.

RB> Again, how is the possibility of exfiltration greater with the current draft than it is with plain old PING?

I agree that some networks can't live with the exfiltration threats introduced by PING and TRACEROUTE. Those networks filter appropriately at their network edges. They could do likewise with the current draft.

                                         Ron


Deb


On Mon, Nov 17, 2025 at 10:30 AM Bonica, Ron <ronald.bonica@hpe.com> wrote:
Deb,

Can all the same arguments be made regarding the data field in the ICMP Echo/Echo Reply messages?

                                                                   Ron

________________________________
From: Deb Cooley via Datatracker <noreply@ietf.org>
Sent: Sunday, November 16, 2025 7:02 AM
To: The IESG <iesg@ietf.org>
Cc: 6man-chairs@ietf.org <6man-chairs@ietf.org>; draft-ietf-6man-icmpv6-reflection@ietf.org <draft-ietf-6man-icmpv6-reflection@ietf.org>; furry13@gmail.com <furry13@gmail.com>; ipv6@ietf.org <ipv6@ietf.org>
Subject: Deb Cooley's Discuss on draft-ietf-6man-icmpv6-reflection-12: (with DISCUSS and COMMENT)

Deb Cooley has entered the following ballot position for
draft-ietf-6man-icmpv6-reflection-12: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-6man-icmpv6-reflection/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

In my opinion, this is a dangerous extension that can be used for harm without
detection.

Prevention of modification:  I don't see any way to determine if either the
request or the response has been modified.  Any of the sender, recipient, or
entities in-between can modify the contents to contain the information that
they want to convey. The recipient can lie about what has been received.
Middleboxes can modify any of the packets in either direction.

Creating an unauthorized information channel:  In addition, either endpoint can
include 'arbitrary' data (as specified in Section 5, second to last paragraph)
creating a channel to exfil (policy) prohibited information.  The only limit to
the size of the packet is a 'SHOULD NOT' to avoid fragmentation (Section 4,
para 1).  Only a soft 'must not' in Section 4 alludes to a middlebox capability
to block attempted exfil.

Possible ways forward:  There has to be an allowance for a middlebox (boundary
device) to protect the network by blocking exfil of policy prohibited data.
There could be hard limits for packet size.  And the allowance for the
inclusion of 'arbitrary data' in the request could be removed.  There also
could be strong wording in Security Considerations about how this mechanism
can be abused.  I'd be happy to help craft the Sec Consid part.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks to Robert Starks for their secdir review.
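
The point made in the reply above, that an ICMP error's original data field is unreliable once a translator has rewritten it, shown as an added example that is not part of the thread or the draft. The translator function `translate_inbound_error`, the scenario in `demo` and the 2001:db8::/32 addresses are constructed for illustration.

```python
import ipaddress
import struct

ICMPV6 = 58  # IPv6 Next Header value for ICMPv6

def packed(addr):
    """Return the 16-byte form of a textual or already-packed IPv6 address."""
    return ipaddress.IPv6Address(addr).packed

def ipv6_packet(src, dst, next_header, payload):
    """Fixed 40-byte IPv6 header (hop limit 64) followed by the payload."""
    head = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return head + packed(src) + packed(dst) + payload

def icmpv6_checksum(src, dst, msg):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = packed(src) + packed(dst) + struct.pack("!I3xB", len(msg), ICMPV6) + msg
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmpv6_error(src, dst, icmp_type, code, original):
    """ICMPv6 error: type, code, checksum, 4 unused bytes, original data field."""
    msg = struct.pack("!BBHI", icmp_type, code, 0, 0) + original
    msg = msg[:2] + struct.pack("!H", icmpv6_checksum(src, dst, msg)) + msg[4:]
    return ipv6_packet(src, dst, ICMPV6, msg)

def original_data(error_pkt):
    """Everything after the IPv6 header (40 bytes) and ICMPv6 error header (8)."""
    return error_pkt[48:]

def checksum_ok(pkt):
    """A valid message checksums to zero when its checksum field is included."""
    return icmpv6_checksum(pkt[8:24], pkt[24:40], pkt[40:]) == 0

def translate_inbound_error(error_pkt, external, internal):
    """Hypothetical translator: map external -> internal in the outer destination
    and the embedded source, then recompute the ICMPv6 checksum only."""
    inner = bytearray(original_data(error_pkt))
    if bytes(inner[8:24]) == packed(external):
        inner[8:24] = packed(internal)
    return icmpv6_error(error_pkt[8:24], internal, error_pkt[40], error_pkt[41], bytes(inner))

def demo():
    """Constructed scenario using documentation addresses (2001:db8::/32)."""
    host, nat_ext = "2001:db8:a::10", "2001:db8:b::1"
    target, router = "2001:db8:c::53", "2001:db8:c::1"
    # The eliciting packet as it arrived at the router: source already translated.
    arrived = ipv6_packet(nat_ext, target, 17, b"constructed payload")
    sent = icmpv6_error(router, nat_ext, 1, 0, arrived)      # Destination Unreachable
    received = translate_inbound_error(sent, nat_ext, host)  # what the host sees
    return arrived, sent, received
```

The error the host receives still carries a valid checksum, so nothing in the message itself reveals that its original data field no longer matches the packet that arrived at the responding node.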