IETF Logo Mail Archive

Re: Next steps on Extension Header Insertion

otroan@employees.org Thu, 03 November 2016 10:09 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B87812947D for <ipv6@ietfa.amsl.com>; Thu, 3 Nov 2016 03:09:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.962
X-Spam-Level: *
X-Spam-Status: No, score=1.962 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_SORBS_WEB=3.297, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=employees.org; domainkeys=pass (1024-bit key) header.from=otroan@employees.org header.d=employees.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S1mJjt-zLI0y for <ipv6@ietfa.amsl.com>; Thu, 3 Nov 2016 03:09:53 -0700 (PDT)
Received: from inbound03.kjsl.com (inbound03.kjsl.com [IPv6:2001:1868:a100:131::62]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFDB81294AE for <ipv6@ietf.org>; Thu, 3 Nov 2016 03:09:52 -0700 (PDT)
Received: from cowbell.employees.org ([65.50.211.142]) by ironport03.kjsl.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Nov 2016 10:09:50 +0000
Received: from cowbell.employees.org (localhost [127.0.0.1]) by cowbell.employees.org (Postfix) with ESMTP id D5F5A9CC7C; Thu, 3 Nov 2016 03:09:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=employees.org; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s= selector1; bh=T5bgJoot2ZRuTq6GayfbotxYCxw=; b=dEe1ZmHfR16nfdR5xd YtBwE3WhOXwVT2yQLT4H/axNeOOtzqwLOIvsaMf3G+1jMXVATx/kGAZXTnu+yodZ sZFWRieT12KM5ksG+VEMmQ6QE0zja8V/4FisOOVAEnUXOyZYbqdAkR17yNp00Cy1 weJqhyHe8cazoL1h1bSq048PA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=employees.org; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; q=dns; s= selector1; b=Acsx8N/DR1c1zxShlPIp5oY7/p7GpjnJh/ffqVIdcDAvC1FViTx aePKNhuh0qO1gw20dgHzYC4Y7UrBvWUkYWHunlVHOtv11GHc+2TVjo2zExUBbQ9Y f/6hDl+eAh+spxmp0cyWnp7AuLd/Ga5voNrKl/+0/RA44pi6NZ2PYVvY=
Received: from h.hanazo.no (unknown [85.19.205.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: otroan) by cowbell.employees.org (Postfix) with ESMTPSA id 796A49CC51; Thu, 3 Nov 2016 03:09:49 -0700 (PDT)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by h.hanazo.no (Postfix) with ESMTP id BE77F59300EC; Thu, 3 Nov 2016 11:09:46 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
Subject: Re: Next steps on Extension Header Insertion
From: otroan@employees.org
In-Reply-To: <CAG6TeAtJdUua3saSGz0SX7DW6hwf74yAexpnfYoP1bg6v1eywA@mail.gmail.com>
Date: Thu, 03 Nov 2016 11:09:46 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <EF8FE087-C84F-44C0-9769-72106115BDA9@employees.org>
References: <B291E9E6-A803-423F-BFA5-87A74DCFB784@gmail.com> <dfe00826-1bcd-80ae-e6dc-7763c506cbe4@si6networks.com> <9CA73891-B4FA-47DF-82E1-A4867DBC6A3F@steffann.nl> <3C56AA77-18E4-4254-BB6A-A447CE115392@employees.org> <CAG6TeAtJdUua3saSGz0SX7DW6hwf74yAexpnfYoP1bg6v1eywA@mail.gmail.com>
To: Fernando Gont <fgont@si6networks.com>
X-Mailer: Apple Mail (2.3251)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/yB5wV-8qqndRy9ZR_N-_bkzyZxs>
Cc: 6man WG <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2016 10:09:54 -0000

Fernando,

> > >> To make my point clear: I'm rather agnostic about SR, but I'm against
> > >> ambiguity in a std track documents, particularly when behind such
> > >> ambiguity there's the potential for a lot of problems.
> > >
> > > Well said. Ambiguity is harmful here and will cause serious problems later.
> >
> > There is absolutely no evidence that the lack of normative text here has led to any problems...
> 
> Because nobody before proposed or pushed into code the idea of mangling packets in the middle of the network with IPv6

That's only partly true from an IETF perspective (NPT66, TCP quick start... ), and certainly not the case if you look at the plethora of packet mangling middleboxes out there.

> > Regardless, it is also impossible to specify all the things creative people shouldn't be allowed to do. And that's probably not the purpose of standardisation either. It is to specify enough to make implementation interoperable.
> 
> If IPsec, Path-MTU, and normal troubleshooting could all break as a resultar of this, yes, we do have a say, and we should say so.
> 
> We should clearly state what the architecture is, including whether packets are meant to be end2end, or  expect anyone to do their own thing.
> 
> If I read the v6 spec, at the very least, I want to be able to tell whether I can expect that whatever I received in a packet was produced by the source, or whether it could have been produced by the network itself. Since a layer-3 protocol is supposed to be something quite simple, and such question is core to the architecture, I'd expect the spec to answer the question.
> 
> Clearly, it was obvious to everyone that intermediate systems don't mangle v6 packets  But since all this discussion seems to indicate it wasn't so obvious to everyone, the spec should make this important point very clear.
> 
> I'd say that some of the options given in the poll are rather misleading... Because truth is that as of today, header insertion is not allowed. So any discussion about "preferred way of doing eh insertion" seems like an implicit update/"relax of the spec" to me.

I fully agree with you on the architectural principles. I also think the Internet should be end to end transparent and that firewalls, NATs and other middleboxes have no place in the Internet architecture. _That_ political statement isn't for the core IPv6 _protocol specification_ though.


> > I'm just trying to point out that we shouldn't blow this issue out of proportion. Whatever we end up doing here, it is hard to see it being particularly important, nor have any big consequences.
> 
> Is that a politically-correct way of saying we're just irrelevant?

In the larger perspective we are all irrelevant. ;-)

I'm saying this is to a large degree politics. And as much as we want to put the middlebox cat back in the sack, the IETF doens't have the power to do that. Nor do I think it should.

End to end transparency has to be done by the end hosts with some sort of crypto.

Best regards,
Ole

v2.23.0 | Report a Bug | By Email