IETF Logo Mail Archive

Re: [Errata Rejected] RFC8200 (6003)

JINMEI Tatuya / 神明達哉 <jinmei@wide.ad.jp> Tue, 12 May 2020 01:57 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 813803A0E37; Mon, 11 May 2020 18:57:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FSrRzOfzoW6U; Mon, 11 May 2020 18:57:22 -0700 (PDT)
Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 717233A0E1B; Mon, 11 May 2020 18:57:22 -0700 (PDT)
Received: by mail-pj1-x1036.google.com with SMTP id z15so18242pjb.0; Mon, 11 May 2020 18:57:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:message-id:from:to:cc:subject:in-reply-to:references :user-agent:mime-version; bh=NFiL56D7PCN7r4KNbY6SOcJhY6sYn5svkOhFIHZWHVU=; b=kXOK2YUAmktm9hPfKQiP0Mi2PckmksW1uw/d2tv8OdNUfWg706//8sQso8EENCrAz0 tOvJjI3BiCq4qNLBzEofotjfYovyVDbsAGRo4tc/4qAvgpEcw+qcdvt7Wt+bCGtinAGL DJh5BA+TfM2LCT99x4RS53adFnH3yMS6801csh+L/e4A4X4z98nCFdSUrW0fvlM3EvOp +HDB8AzO942b0u0BsXETptzc776biH8xMTw/0ekv3jfVkWoCznOhjKhyuYJt0PpcvSMN sHuBRGmdrEp4zyEcRMGPz+d6iOaJDl/hdwvD1OQ/k2wcO3zOBlOai5CI3MZ1a1OkCud6 FBKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:message-id:from:to:cc:subject :in-reply-to:references:user-agent:mime-version; bh=NFiL56D7PCN7r4KNbY6SOcJhY6sYn5svkOhFIHZWHVU=; b=OuMSQ3UoL5/Xrq+mhm9jRVKXHgwfF39mFjLfdOND+6b3jgIsRXo/p/wAKyLzL8SWxM jMhGTlQTLh8EyokWJunzFOQzIFqFa9o2n/VkFr2BFjIDB49ArO16m5fUdMkADeaa8ozO ppEAz86RbfyH8yI1ACdYcEE/uoes0kjJJ2kU5W8l19HJI8rAjIM2SPetpwF/1YlT3Ccc TY4ZAx63tL61+vOCdjrCXvojr6x2/bbUbVB3IkY5OwT0Oy7hzGBq1ndwS5Y4C5GZQseK OjPdw6gd9kRRTZ/p4UappOZ87KdzrXfc7dDjWajhJs4txmEkiuilhZbUEby2q9HThMZb wdSA==
X-Gm-Message-State: AGi0PuaQ0EmIGUPEfBmMJinghWmcLFFAhD/zEffBnqJiB2j1pz0HWZW6 2Mh8j1lKNZGCuAEEhSQBWhM=
X-Google-Smtp-Source: APiQypKEFvDF7NugfGBjpU3wDo1Hs3BQzWlr9Rxe3RPsEZw2SQYkwKb8H19lMftvN8OVp5IMh91Hdw==
X-Received: by 2002:a17:902:9a41:: with SMTP id x1mr16871696plv.4.1589248641520; Mon, 11 May 2020 18:57:21 -0700 (PDT)
Received: from jmb.localhost ([2601:646:8e01:ffbd:9167:67f:6594:61b3]) by smtp.gmail.com with ESMTPSA id q11sm10277057pfl.97.2020.05.11.18.57.20 (version=TLS1 cipher=AES128-SHA bits=128/128); Mon, 11 May 2020 18:57:20 -0700 (PDT)
Sender: JINMEI Tatuya <jinmei.tatuya@gmail.com>
Date: Mon, 11 May 2020 18:57:11 -0700
Message-ID: <m28shxdifc.wl%jinmei@wide.ad.jp>
From: JINMEI Tatuya / 神明達哉 <jinmei@wide.ad.jp>
To: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: fgont@si6networks.com, bob.hinden@gmail.com, ipv6@ietf.org, iesg@ietf.org
Subject: Re: [Errata Rejected] RFC8200 (6003)
In-Reply-To: <20200510184112.9643EF406D6@rfc-editor.org>
References: <20200510184112.9643EF406D6@rfc-editor.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/24.5 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/pB5dcr9FBV4vgziWop0kjGLseRU>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2020 01:57:25 -0000

I don't have a strong opinion on how this errata should be handled,
but I'd like to make a remark on one specific point:

At Sun, 10 May 2020 11:41:12 -0700 (PDT),
RFC Errata System <rfc-editor@rfc-editor.org> wrote:

>  --VERIFIER NOTES-- 
> Section 3 clearly highlights for the reader when the IPv6 Destination Address in the header might differ from the IPv6 address of the ultimate destination.
> 
> As such, all references in the document to "Destination Address" lacking further qualifying text should be read bearing this in mind.  The text in section 4 is no exception.  The key text has remained unchanged since RFC 1883.

Does "the key text" mean the definition of "Destination Address" in
Section 3?

      Destination Address 128-bit address of the intended recipient of
                          the packet (possibly not the ultimate
                          recipient, if a Routing header is present).
                          See [RFC4291] and Section 4.4.

then that's true.  And, I agree that the text in question in Section 4
intentionally uses the term "Destination Address" precisely in this
sense until RFC2460:

   With one exception, extension headers are not examined or processed
   by any node along a packet's delivery path, until the packet reaches
   the node (or each of the set of nodes, in the case of multicast)
   identified in the Destination Address field of the IPv6 header.

This "Destination Address" *must* include an intermediate destination
specified in a routing header, since there can be an extension header
(other than hop-by-hop options headers) before a routing header, and
such a routing header would have to be "examined" or "processed" at
each destination specified in that routing header.

Now, RFC8200 changes this text in a non-trivial way, and in that sense
"a key text" has changed, which is in fact the point of the "error":

   Extension headers (except for the Hop-by-Hop Options header) are not
   processed, inserted, or deleted by any node along a packet's delivery
   path, until the packet reaches the node (or each of the set of nodes,
   in the case of multicast) identified in the Destination Address field
   of the IPv6 header.

The phrase "inserted, or deleted" was added as a result of the
discussion regarding whether "examined or processed" includes
insertion or deletion.  If it doesn't, it means that an arbitrary node
in a packet's delivery path (whether or not the nodes' address can
appear in the Destination Address field of the IPv6 packet due to a
routing header) can insert or delete an extension header.  In
particular, such an arbitrary node can insert a routing header into a
packet even if that node itself doesn't appear in the Destination
Address field.  That would be particularly convenient for the
"insertion/deletion" mode of SRv6, and that interpretation ("examined
or processed" does NOT include insertion or deletion) were mainly
supported by those developing the SRv6 protocol.  Other people opposed
that interpretation and argued that "examined or processed" should
include insertion or deletion, since otherwise it would break some
existing standard protocols such as PMTUD or AH and make error
handling less robust (the same argument we're still seeing today).

So far I hope I simply explained the past fact without mixing my own
opinions.  Now this is what I would interpret the new text (which also
matched my memory on how I interpreted it at that time): with this
background history in mind, the intent of the new text should simply
be an attempt to clarify "examined or processed" includes "inserted or
deleted" for any intermediate node in a packet's delivery path.

Unfortunately the resulting text overlooked its implication with the
definition of "Destination Address", that is, accidentally making a
loophole for intermediate nodes specified in a routing header.  But if
the loophole had had been noticed at that time, it wouldn't have been
accepted by those who opposed allowing insertion/deletion, since its
adverse effects such as breaking PMTUD would be almost fully intact.
And the loophole wouldn't have made much sense for the SRv6 developers
either, since it would still prevent an fully arbitrary insertion.

So I believe most people involved in that discussion interpreted the
text as I did, regardless of their position on intermediate
insertion/deletion.  Of course, this interpretation wouldn't be
favorable for those who wanted arbitrary insertion/deletion.  The
"deal" in my memory is that while rfc2460bis (now RFC8200) explicitly
made it more restrictive than RFC2460, 6man and spring WGs would
collaborate on followup work on how we can loosen the condition.  (I
wish I had a more direct reference to this conclusion at that time,
but I couldn't easily find it so I'm writing this largely based on my
own memory and it's quite possible that it's not entirely accurate).

And that's why I believe that this is essentially a simple "bug fix"
of the RFC text and that it's more productive to fix the bug quickly
and focus on the "followup work".  In that sense I sort of agree that
it can be fixed as an erratum.  But I also admit that "purely
literally" the current RFC8200 text could read as if it made the
loophole intentionally, and so I understand the argument that it's not
suitable for errata.  And, in any case, I don't think it's productive
to spend too much time on whether errata are the suitable place for
this fix.  If that level of point is somehow debatable, I'd rather
suggest focusing on draft-bonica-6man-ext-hdr-update (I'd suggest the
same thing even if I don't happen to be a coauthor of the draft).

--
JINMEI, Tatuya

v2.23.0 | Report a Bug | By Email