Re: CRH and RH0

otroan@employees.org Tue, 12 May 2020 20:38 UTC

Subject: Re: CRH and RH0
From: otroan@employees.org
In-Reply-To: <DM6PR05MB6348326B0F72A009DB4F7746AEBE0@DM6PR05MB6348.namprd05.prod.outlook.com>
Date: Tue, 12 May 2020 22:38:26 +0200
Cc: "Darren Dukes (ddukes)" <ddukes@cisco.com>, 6man <6man@ietf.org>
Message-Id: <942AF8C7-079E-4C81-95AB-F07A182E8F19@employees.org>
References: <4EDFE9A2-A69C-4434-BB0A-960C2453250F@cisco.com> <DM6PR05MB6348FE6E3A45320C2A47EB66AEBE0@DM6PR05MB6348.namprd05.prod.outlook.com> <8068EBE1-38DD-411E-A896-EB79084BBCC4@cisco.com> <DM6PR05MB6348326B0F72A009DB4F7746AEBE0@DM6PR05MB6348.namprd05.prod.outlook.com>
To: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/sd6ie9EZPn4i_cUdx_ZZ2QMYbOE>

Hi Ron,
> The answer to your question is a bit nuanced. My goals were to build a general purpose routing header that overcomes the RH0's limitations. Those being:
> 
> 	- Its size
> 	- Its security issues
> 
> Now, is that a replacement for RH0? In one way, yes. RH0 and CRH are both general purpose routing headers. In another sense, no. RH0 is meant to traverse network boundaries. But RFC 5095 taught us that letting routing header traverse network boundaries might not be a wonderful idea. So, CRH is restricted to a network domain.

If CRH could be an RH0 replacement, you would have to show how the tag distribution mechanism would work across the Internet?
RH0 was supported in every IPv6 node; given the requirement for a tag->IPv6 address (or is it forwarding method?) mapping, I can't quite see how that would be done in a general enough fashion for CRH.

I don't think RFC 5095 taught us that source routing cannot be done across the Internet.
In fact, I don't see how the CRH draft prevents the RFC 5095 attack from happening inside of the CRH limited domain.
Just send a packet with a list of tag#0, tag#1, tag#0, tag#1 and you have the same amplification attack.

> And now I return to my original question. When engineering students read the CRH RFC in 25 years, will they really care what my motivation was? Why should we burden them with this detail?

To the contrary. Take the motivations and intentions behind IPv6. We have spent thousands of emails trying to decode what the original intentions with EHs and their limitations were, and why the minimum MTU was 1280; recently I saw a thread about the reasons why TTL/HL and protocol/next header were swapped between v4 and v6. If your protocol is successful, the original napkin it was designed on will become legend. ;-)

Best regards,
Ole
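The tag#0, tag#1, tag#0, tag#1 ping-pong that Ole describes above is the RFC 5095 pattern carried over to a compressed routing header. The check below is an added example, not code from the thread, the CRH draft or any vendor: it parses a routing header with the RFC 8200 common prefix and flags a remaining segment list in which any SID appears more than once. The CRH-16 layout it assumes (16-bit SIDs after the 4-octet fixed part, zero-padded to an 8-octet boundary, the first Segments Left entries being the hops still to visit, routing type value 5) is an assumption for the example, not something the thread states.

```python
import struct
from collections import Counter

# Common IPv6 routing header prefix (RFC 8200, section 4.4):
#   Next Header | Hdr Ext Len | Routing Type | Segments Left | type-specific data
# ASSUMPTION (not from the thread): CRH-16 style type-specific data is a list of
# 16-bit SIDs, zero-padded to an 8-octet boundary, and the first Segments Left
# entries are the hops still to be visited.
ASSUMED_CRH16_ROUTING_TYPE = 5  # placeholder value for this example

def parse_crh16(hdr: bytes):
    """Return (segments_left, remaining_sids); raise ValueError if malformed."""
    if len(hdr) < 4:
        raise ValueError("header shorter than the 4-octet fixed part")
    _next_hdr, ext_len, _rtype, seg_left = struct.unpack("!BBBB", hdr[:4])
    total = (ext_len + 1) * 8  # Hdr Ext Len counts 8-octet units, excluding the first
    if len(hdr) < total:
        raise ValueError("Hdr Ext Len runs past the end of the buffer")
    body = hdr[4:total]
    n = len(body) // 2
    sids = list(struct.unpack(f"!{n}H", body[: n * 2]))
    if seg_left > len(sids):
        raise ValueError("Segments Left exceeds the number of SIDs carried")
    return seg_left, sids[:seg_left]  # padding zeros sit beyond seg_left

def revisit_count(sids) -> int:
    """Largest number of times any one SID occurs among the remaining hops.
    1 means every hop is distinct; 2 or more is the tag#0,tag#1,tag#0,tag#1
    ping-pong pattern, i.e. the same node is made to forward the packet again."""
    return max(Counter(sids).values(), default=0)

def classify(hdr: bytes) -> str:
    """'malformed', 'loop' (a SID is revisited) or 'ok'."""
    try:
        _, remaining = parse_crh16(hdr)
    except ValueError:
        return "malformed"
    return "loop" if revisit_count(remaining) > 1 else "ok"

def build_crh16(next_header: int, sids) -> bytes:
    """Constructed test helper: encode a CRH-16 style header for a SID list."""
    body = b"".join(struct.pack("!H", s) for s in sids)
    body += b"\x00" * (-(4 + len(body)) % 8)  # pad to an 8-octet multiple
    ext_len = (4 + len(body)) // 8 - 1
    return struct.pack("!BBBB", next_header, ext_len,
                       ASSUMED_CRH16_ROUTING_TYPE, len(sids)) + body

if __name__ == "__main__":
    # Constructed samples: a looping list and a distinct-hop list (Next Header 59 = No Next Header)
    print(classify(build_crh16(59, [7, 9, 7, 9])), classify(build_crh16(59, [7, 9, 11])))
```

A domain edge router that applies `classify` and drops "loop" and "malformed" headers removes the amplification Ole points at without needing to know anything about the tag distribution mechanism.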