Re: Adrian Farrel's No Objection on draft-ietf-6man-ext-transmit-04: (with COMMENT)
"C. M. Heard" <heard@pobox.com> Mon, 07 October 2013 21:28 UTC
Return-Path: <heard@pobox.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6AA711E817B for <ipv6@ietfa.amsl.com>; Mon, 7 Oct 2013 14:28:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6MHa870RYv1I for <ipv6@ietfa.amsl.com>; Mon, 7 Oct 2013 14:28:09 -0700 (PDT)
Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by ietfa.amsl.com (Postfix) with ESMTP id A705B11E813D for <ipv6@ietf.org>; Mon, 7 Oct 2013 14:28:09 -0700 (PDT)
Received: (qmail 18952 invoked from network); 7 Oct 2013 14:28:07 -0700
Received: from shell4.bayarea.net (209.128.82.1) by shell4.bayarea.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 7 Oct 2013 14:28:07 -0700
Date: Mon, 07 Oct 2013 14:28:07 -0700
From: "C. M. Heard" <heard@pobox.com>
X-X-Sender: heard@shell4.bayarea.net
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: Adrian Farrel's No Objection on draft-ietf-6man-ext-transmit-04: (with COMMENT)
In-Reply-To: <52530921.3060202@gmail.com>
Message-ID: <Pine.LNX.4.64.1310071315370.13828@shell4.bayarea.net>
References: <20131007144327.16131.88173.idtracker@ietfa.amsl.com> <Pine.LNX.4.64.1310070914240.13173@shell4.bayarea.net> <52530921.3060202@gmail.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: 6man-chairs@tools.ietf.org, Adrian Farrel <adrian@olddog.co.uk>, draft-ietf-6man-ext-transmit@tools.ietf.org, ipv6@ietf.org, The IESG <iesg@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2013 21:28:14 -0000
On Tue, 8 Oct 2013, Brian E Carpenter wrote: > Yes, and for a moment there you had me worried, but if the security > concern is that the unknown header may contain bad stuff and/or cause > a buffer overflow bug, then it really doesn't matter whether it is > an extension header or a payload header. In either case, if you let > the packet through, you are assuming that the destination host knows > what it's doing. That's correct. > We might need a slight rewording to remove the implication that > 253/254 can *only* be used as extension headers. Something like: > > "Experimental" extension headers include those defined by any > Experimental RFC, and the values 253 and 254 defined by [RFC3692] > and [RFC4727] when used as experimental extension headers. That would be a good change to the last paragraph of Section 1.1 but I'm not sure that it's sufficient. Section 2.1 recommends that forwarding nodes that inspect IPv6 headers be able to parse all defined extension headers and deal with them appropriately, specifically by having an individually configurable discard policy. I've assumed that this means that if a particular defined extension header type is not blackisted, the forwarding node should be able either to examine the innards of that header (a likely action with options headers) or skip over it and to proceed to the next header. The problem with next header values 253 and 254 when used as experimental next header types -- unlike assigned experimental extension header types that have a published spec -- is that it's not possible for the forwarding node to safely examine or skip over the headers they refer to without being part of the experiment. Maybe I'm making too much of this. Certainly a reasonable action for a middlebox that's told to pass packets with extension header types 253 and 254 is to stop parsing when it encounters those next header types and forward the packet in question. Maybe that's obvious to everyone -- but it seems to me that the spec, as written, is actually asking for something different. I'll gladly shut up if no one else sees a problem. > > 43 IPv6-Route Routing Header for IPv6 [Steve_Deering] > > 44 IPv6-Frag Fragment Header for IPv6 [Steve_Deering] > > > > We can ask IANA to fix bugs anytime, surely? Yes, and we should do that irrespective of the disposition of Adrian's comment. Since I brought this up, I'll volunteer to bring this to IANA's attention if the leadership wants me to do so (please let me know). //cmh
- Adrian Farrel's No Objection on draft-ietf-6man-e… Adrian Farrel
- Re: Adrian Farrel's No Objection on draft-ietf-6m… C. M. Heard
- Re: Adrian Farrel's No Objection on draft-ietf-6m… Brian E Carpenter
- Re: Adrian Farrel's No Objection on draft-ietf-6m… Brian E Carpenter
- Re: Adrian Farrel's No Objection on draft-ietf-6m… C. M. Heard
- Re: Adrian Farrel's No Objection on draft-ietf-6m… Brian E Carpenter
- RE: Adrian Farrel's No Objection on draft-ietf-6m… Templin, Fred L
- Re: Adrian Farrel's No Objection on draft-ietf-6m… Brian E Carpenter
- RE: Adrian Farrel's No Objection on draft-ietf-6m… Templin, Fred L
- RE: Adrian Farrel's No Objection on draft-ietf-6m… Templin, Fred L