RE: I-D Action:draft-ietf-6man-exthdr-01.txt
Suresh Krishnan <suresh.krishnan@ericsson.com> Wed, 05 January 2011 07:33 UTC
From: Suresh Krishnan <suresh.krishnan@ericsson.com>
To: Fernando Gont <fernando@gont.com.ar>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Wed, 05 Jan 2011 02:34:46 -0500
Subject: RE: I-D Action:draft-ietf-6man-exthdr-01.txt
Cc: Thomas Narten <narten@us.ibm.com>, "ipv6@ietf.org" <ipv6@ietf.org>

Hi Fernando,
  Please see response inline.

> -----Original Message-----
> From: Fernando Gont
> [mailto:fernando.gont.netbook.win@gmail.com] On Behalf Of
> Fernando Gont
> Sent: Monday, January 03, 2011 4:43 PM
> To: Brian E Carpenter
> Cc: Thomas Narten; ipv6@ietf.org; Suresh Krishnan
> Subject: Re: I-D Action:draft-ietf-6man-exthdr-01.txt
>
> On 03/01/2011 06:25 p.m., Brian E Carpenter wrote:
>
> > The basic motivation for the present draft is clear:
> >
> >> However,
> >> some intermediate nodes such as firewalls, may need to look at the
> >> transport layer header fields in order to make a decision to allow or
> >> deny the packet.
> >
> > That is, help middleboxes to violate e2e transparency and,
> > furthermore, allow unknown headers to cross those middleboxes.
>
> I don't think this I-D will make a difference.
>
> From the POV of a firewall, unless it really wants a packet
> to pass-through, it will block it.
>
> So, whether the Extension Header is unknown, or whether
> draft-ietf-6man-exthdr-01.txt is implemented and the Specific
> type is unknown will lead to the same result: the packet will
> be discarded.
>
> This proposal would only be useful to firewalls that
> implement a "default allow", and that simply want to somehow
> ignore an unknown extension header and base their decision on
> the upper-layer protocol (only). -- But we all know that
> firewalls operate (or should operate) in "default deny"
> rather than "default allow".
>
> So IMHO this proposal won't be useful for such firewalls.

Yes. You are correct. This proposal will not be useful for such firewalls. On the other hand

http://tools.ietf.org/html/draft-ietf-v6ops-cpe-simple-security-16

allows a class of firewalls that can put application transparency over strict filtering (see REC-11). In such case differentiating an unknown transport layer protocol from an unknown extension header would be useful. Whether or not such firewall would exist in the wild is an interesting question, but I do not see how to answer that conclusively.

Thanks
Suresh