RE: [EXT] Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard

Tal Mizrahi <talmi@marvell.com> Tue, 14 February 2017 13:37 UTC

Return-Path: <talmi@marvell.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBBD31295D9; Tue, 14 Feb 2017 05:37:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CdvaWRQjvAyL; Tue, 14 Feb 2017 05:37:15 -0800 (PST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B55012948D; Tue, 14 Feb 2017 05:37:15 -0800 (PST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v1EDYuET022912; Tue, 14 Feb 2017 05:37:13 -0800
Received: from il-exch01.marvell.com ([199.203.130.101]) by mx0b-0016f401.pphosted.com with ESMTP id 28kgn853ru-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 14 Feb 2017 05:37:13 -0800
Received: from IL-EXCH01.marvell.com (10.4.102.220) by IL-EXCH01.marvell.com (10.4.102.220) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 14 Feb 2017 15:37:10 +0200
Received: from IL-EXCH01.marvell.com ([fe80::5d63:81cd:31e2:fc36]) by IL-EXCH01.marvell.com ([fe80::5d63:81cd:31e2:fc36%20]) with mapi id 15.00.1210.000; Tue, 14 Feb 2017 15:37:10 +0200
From: Tal Mizrahi <talmi@marvell.com>
To: Mark Smith <markzzzsmith@gmail.com>
Subject: RE: [EXT] Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard
Thread-Topic: [EXT] Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard
Thread-Index: AdKF/X9u+WIK+SvpTdCAbZfIxgfsEgABO8eAADEQ/AA=
Date: Tue, 14 Feb 2017 13:37:10 +0000
Message-ID: <eeaa0cc49e104cc68c5b2ae23c44e355@IL-EXCH01.marvell.com>
References: <67ab3d39d55840c8a207e2104e6020cd@IL-EXCH01.marvell.com> <CAO42Z2zcc-wCtdbs4VFSu-yWUT0u2PX8r+wpe3Jsj-4vVZUwwg@mail.gmail.com>
In-Reply-To: <CAO42Z2zcc-wCtdbs4VFSu-yWUT0u2PX8r+wpe3Jsj-4vVZUwwg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.4.102.210]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-02-14_08:, , signatures=0
X-Proofpoint-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1702140135
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/tqdnMUoqFtcgTWycJAkEhJlg3ro>
Cc: "draft-ietf-6man-rfc2460bis@tools.ietf.org" <draft-ietf-6man-rfc2460bis@tools.ietf.org>, "6man@ietf.org" <6man@ietf.org>, IETF Discussion list <ietf@ietf.org>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2017 13:37:17 -0000

Hi Mark,

I certainly agree that hop-by-hop insertion/modification introduces potential security vulnerabilities.
Therefore, as I pointed out below, I would recommend to tackle this by defining something along the lines of “Hop-by-hop extensions can be inserted/removed/modified/processed by intermediate nodes *if* [……..] and the possible consequences are [……..]”

For example, hop-by-hop handling can be restricted only to a single administrative domain, or only to tunnels (as in the zero checksum case). 

Regards,
Tal.

>-----Original Message-----
>From: Mark Smith [mailto:markzzzsmith@gmail.com]
>Sent: Monday, February 13, 2017 6:07 PM
>To: Tal Mizrahi
>Cc: 6man@ietf.org; IETF Discussion list; draft-ietf-6man-
>rfc2460bis@tools.ietf.org; 6man-chairs@ietf.org
>Subject: [EXT] Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet
>Protocol, Version 6 (IPv6) Specification) to Internet Standard
>
>External Email
>
>----------------------------------------------------------------------
>Hi,
>
>
>
>On 14 February 2017 at 00:43, Tal Mizrahi <talmi@marvell.com> wrote:
>> Hi,
>>
>>
>>
>> Good discussion regarding the text about the hop-by-hop extension.
>>
>>
>>
>> In my opinion there is a valid use case for intermediate nodes that
>> insert/remove/modify/process hop-by-hop extensions. Examples: IOAM, INT.
>>
>> Since there is a use case, I believe we need explicit text about
>> intermediate handling of hop-by-hop extensions.
>>
>
>
>Imagine you sent a letter through the postal system, and the postal system
>wanted to add information to that letter, that is then to be removed before the
>letter arrives at its final destination.
>
>The postal system have at least two choices as to how to add that information.
>They could:
>
>(a) unstick your envelope's seal, insert the information, reseal the envelope so
>well you can't tell and send it on its way, some how flagging to a destination
>device within the postal system that this specific envelop needs to be openned, a
>specific page removed, and then resealed.
>
>(b) take a new envelope with new internal postal system source and destination
>address information, insert your letter without touching it in addition to the new
>information, and then sending it on its way.
>
>Imagine that the information to be added by the postal system is printed on the
>same type of paper and is written in the same font as you've chosen to use to
>write your letter.
>
>Have a think about these two methods, what could fail with each of them, and
>what the consequences may be if any of those failures occur.
>Have a think of the benefits of each method, and whether they're worth it
>compared to the failure mode costs and consequences for the method.
>
>>
>>
>> This [somewhat] reminds me of the discussion a few years ago about the
>> IPv6/UDP zero checksum. The WG ended up defining that “Zero checksum
>> is permitted in IPv6/UDP *if* [……..] and the possible consequences are [……..]”.
>>
>>
>
>That is a far more trivial change to the packet - it is allowing a value in an existing
>field that was formerly prohibited, and nodes that did not understand that value
>would drop the packet because that is what they had been specified to do if they
>received this prohibited value. In other words, existing implementations '
>behaviour when this formerly unexpected value was encountered had already
>been specified and deployed.
>
>
>>
>> I would argue that regarding hop-by-hop extension handling we also
>> need to define that “Hop-by-hop extensions can be
>> inserted/removed/modified/processed by intermediate nodes *if* [……..]
>> and the possible consequences are [……..]”.
>>
>
>Some things that are possible to do in theory shouldn't be done in practice,
>because the consequences when their implementations fail can be severe and
>outweigh the benefits.
>
>In theory, inserted EHs will be removed 100% of the time. In practice they won't
>be, because implementations can have bugs and they can also fail in unexpected
>ways e.g., hardware faults.
>
>Regards,
>Mark.