Re: Next steps on Extension Header Insertion
Sander Steffann <sander@steffann.nl> Thu, 03 November 2016 13:11 UTC
Return-Path: <sander@steffann.nl>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58EEE129552 for <ipv6@ietfa.amsl.com>; Thu, 3 Nov 2016 06:11:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=steffann.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cWsMQBw5sKgV for <ipv6@ietfa.amsl.com>; Thu, 3 Nov 2016 06:11:14 -0700 (PDT)
Received: from mail.sintact.nl (mail.sintact.nl [IPv6:2001:9e0:803::6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D50B129493 for <ipv6@ietf.org>; Thu, 3 Nov 2016 06:11:14 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.sintact.nl (Postfix) with ESMTP id 78B6E40; Thu, 3 Nov 2016 14:11:12 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=steffann.nl; h= x-mailer:references:message-id:date:date:in-reply-to:from:from :subject:subject:mime-version:content-type:content-type:received :received; s=mail; t=1478178669; bh=etJYiI9YAZokE1Mmnt1/csILmyu9 yJ6sQuUNo8iW/9M=; b=XIrj1lMfquGgKcyn9JeJ1ta4s5xw4E3ytS9Pti99HYoa flevnV4lJ2V/SsC2Tw2F7hiob61BRAJjtcIZDEr/+izWILx9X/LfbLUpoEOX4ScH D5gBWRa12JOabiI6rnnxeQJGGmsuHXjv7XH8wMoww/y75LCEs6dkr2v+E/iLj3o=
X-Virus-Scanned: Debian amavisd-new at mail.sintact.nl
Received: from mail.sintact.nl ([127.0.0.1]) by localhost (mail.sintact.nl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Nd0YwFvSuwZC; Thu, 3 Nov 2016 14:11:09 +0100 (CET)
Received: from [IPv6:2a02:a213:a300:9300:5d6b:5859:45cd:8d10] (unknown [IPv6:2a02:a213:a300:9300:5d6b:5859:45cd:8d10]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.sintact.nl (Postfix) with ESMTPSA id AB24638; Thu, 3 Nov 2016 14:11:09 +0100 (CET)
Content-Type: multipart/signed; boundary="Apple-Mail=_A4770A79-3C43-478B-BE3D-3128FE810409"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Subject: Re: Next steps on Extension Header Insertion
X-Clacks-Overhead: GNU Terry Pratchett
From: Sander Steffann <sander@steffann.nl>
In-Reply-To: <5FA646CC-DD40-4D20-A6C5-AF1D5D90E563@employees.org>
Date: Thu, 03 Nov 2016 14:11:08 +0100
Message-Id: <7010E4D5-2A0E-4358-AD76-9996004ED642@steffann.nl>
References: <B291E9E6-A803-423F-BFA5-87A74DCFB784@gmail.com> <dfe00826-1bcd-80ae-e6dc-7763c506cbe4@si6networks.com> <9CA73891-B4FA-47DF-82E1-A4867DBC6A3F@steffann.nl> <3C56AA77-18E4-4254-BB6A-A447CE115392@employees.org> <CAG6TeAtJdUua3saSGz0SX7DW6hwf74yAexpnfYoP1bg6v1eywA@mail.gmail.com> <17984D1D-1A3C-4AA5-B2EC-BE5C645A272C@steffann.nl> <369FB219-9979-43CE-B83D-D7C422FC7711@employees.org> <53FE6D80-040F-42DA-BA51-F3A40ABF248F@steffann.nl> <5FA646CC-DD40-4D20-A6C5-AF1D5D90E563@employees.org>
To: otroan@employees.org
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/xRGHWbSkApp2qBFDGRkkyFzbWG0>
Cc: Fernando Gont <fgont@si6networks.com>, Bob Hinden <bob.hinden@gmail.com>, 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2016 13:11:20 -0000
Hi, > What you are saying is something like: > > "The IPv6 header fields described as immutable in RFC4302 MUST NOT be changed by the network. If within an administrative domain any of the immutable fields are changed, they MUST be restored on exit from the domain." > > Correct? Yes, thank you for coming up with a good short bit of text. As RFC4302 defines the next-header field as immutable that would lock down the EH chain, > Cheers, > Ole > > PS: As an operator would you be happy if I sent packets with NH=59, SA=:: with an integrity check covering all fields apart from the HLIM field, and everything else beyond the IPv6 header (40 bytes) was encrypted? Hmmmmm. Interesting question. As a network operator I'd probably drop that packet because of BCP38. As a security engineer I would be scratching my head and wondering what was going on. But effectively the payload wouldn't be that different from ESP... Cheers, Sander
- Next steps on Extension Header Insertion Bob Hinden
- Syntax glitch [Re: Next steps on Extension Header… Brian E Carpenter
- Re: Syntax glitch [Re: Next steps on Extension He… Bob Hinden
- Re: Syntax glitch [Re: Next steps on Extension He… Mark Smith
- Re: Syntax glitch [Re: Next steps on Extension He… otroan
- Re: Next steps on Extension Header Insertion 神明達哉
- Re: Next steps on Extension Header Insertion Bob Hinden
- Re: Next steps on Extension Header Insertion 神明達哉
- Re: Next steps on Extension Header Insertion Fred Baker
- Re: Next steps on Extension Header Insertion Fernando Gont
- Re: Next steps on Extension Header Insertion 神明達哉
- Re: Next steps on Extension Header Insertion Sander Steffann
- Re: Next steps on Extension Header Insertion Jan Zorz - Go6
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Mark Smith
- Re: Next steps on Extension Header Insertion otroan
- Reminder, poll on header insertion closes soon Bob Hinden
- Re: Next steps on Extension Header Insertion Fernando Gont
- RE: Next steps on Extension Header Insertion mohamed.boucadair
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Tim Chown
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Sander Steffann
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Sander Steffann
- Re: Next steps on Extension Header Insertion Jan Zorz - Go6
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Sander Steffann
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Sander Steffann
- Re: Next steps on Extension Header Insertion Mark Smith
- Re: Next steps on Extension Header Insertion Brian E Carpenter
- Re: Next steps on Extension Header Insertion Brian E Carpenter
- Re: Next steps on Extension Header Insertion Mark Smith
- Re: Next steps on Extension Header Insertion Tim Chown
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion Fernando Gont
- Re: Next steps on Extension Header Insertion Fernando Gont
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion Mark Smith
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion Brian E Carpenter
- Re: Next steps on Extension Header Insertion otroan
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion 神明達哉
- Re: Next steps on Extension Header Insertion Brian E Carpenter
- Re: Next steps on Extension Header Insertion Stefano Previdi (sprevidi)
- Re: Next steps on Extension Header Insertion Tim Chown