RE: IPv6 header insertion in a controlled domain

Ron Bonica <rbonica@juniper.net> Mon, 09 December 2019 14:12 UTC

From: Ron Bonica <rbonica@juniper.net>
To: Sander Steffann <sander@steffann.nl>
CC: Ole Troan <otroan@employees.org>, 6man WG <ipv6@ietf.org>
Subject: RE: IPv6 header insertion in a controlled domain
Date: Mon, 09 Dec 2019 14:11:54 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/q0sCINteJu8PFG5nz_PS5mnbheI>

Steffann,

I believe that the second does apply.

                                  Ron




-----Original Message-----
From: Sander Steffann <sander@steffann.nl> 
Sent: Monday, December 9, 2019 1:41 AM
To: Ron Bonica <rbonica@juniper.net>
Cc: Ole Troan <otroan@employees.org>; 6man WG <ipv6@ietf.org>
Subject: Re: IPv6 header insertion in a controlled domain

Hi Ron,

> See Section 7.5 of .....

Not choosing to use AH to protect the SRH is one thing, but not supporting an AH in the existing packet when doing header insertion is quite another. I want to be sure the second doesn't apply.

Cheers
Sander