[IPv6] Link-local URI status (rfc6874bis)
Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 01 November 2023 02:02 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58AB7C1A07F5 for <ipv6@ietfa.amsl.com>; Tue, 31 Oct 2023 19:02:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jm_1rLrXlmuQ for <ipv6@ietfa.amsl.com>; Tue, 31 Oct 2023 19:02:50 -0700 (PDT)
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE5EEC19333C for <ipv6@ietf.org>; Tue, 31 Oct 2023 19:02:50 -0700 (PDT)
Received: by mail-pl1-x62d.google.com with SMTP id d9443c01a7336-1cc2575dfc7so34936495ad.1 for <ipv6@ietf.org>; Tue, 31 Oct 2023 19:02:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698804170; x=1699408970; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:from:content-language :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=fmaVyF9FKhecN9MO4+sriPlwbAgKg336jzOc4xhfasE=; b=EVYS+JH38ieyiv20Ak7eOC2mIWMKG1eivIq7z/xHlKlQslMu2qKzjBxrOAYPI20Xbk vmiUGudJEAFzwAQGiezIQ+2WIchJgWT3ScuyD4920WiuRtiWAe0cT8K006TCVBg8Xj+I 8xWkJrrgLwGZGm8l8jMWoma81wQvX7GEjO7QjSMC07zNrXzQvjjKJ4FV/j12Uvo7TA0t 7/FmmTECdp0oke00NISn0kUtRi/28JSKFS4bK8f1pdzjin1ijd9tC2kvv5SV+YI85yKK 7h8gp0e1tR6eJt1p71hYfXd7Vzut+c8AOC7aevzDrKHDz5eF/G9qzeW47FmAeXjvRwre 5Rpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698804170; x=1699408970; h=content-transfer-encoding:cc:to:subject:from:content-language :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=fmaVyF9FKhecN9MO4+sriPlwbAgKg336jzOc4xhfasE=; b=Gd+qhYXO5hq7/m5Eps5uTq9CXGWoQmMA7vulBByvswOEWe2D/oYwYXriVP25MSTEOu MRS8lzlGLBcXTMdpowL8B4XbZiGy/n9+6TVELo30mkcKlnWyoN4ZXiGltiMJqMm2iGKs Cf7Z9WnVv4HweoE2oKTztdF0kx86MbEBG6Z2qf8Sd+fElLU6qcX7/IH3smPeMM3/ckHz UUZNUMXVv6+qaLXctUtZ1EqsHBdpcwofPVrG5dredGSY3J+3mkqWC65H2YDkb6vEPAUw qOysDPyjNgxSXSrkz4OXbZPeoZIrvnOcH3Sx7avuBv3zxKzPjwKqAHZYAYbUy7XTvsiK Ej+w==
X-Gm-Message-State: AOJu0Yzh+tVgokZp16TJ8ha2QB5dgg2BU12gaLP3F4aL9hhQzvVyKzmE 4XwtfIhR+coXRfDMbk1/bXYZWFzuhy4SOQ==
X-Google-Smtp-Source: AGHT+IEsjy6OshaPs0zG7yb4jG/XQU4z+F6OdrkHas63URKPZtm0e40kOaQn7Yy+ddinRhQLNjLCHA==
X-Received: by 2002:a17:903:11cf:b0:1ca:362b:166c with SMTP id q15-20020a17090311cf00b001ca362b166cmr14228160plh.61.1698804169580; Tue, 31 Oct 2023 19:02:49 -0700 (PDT)
Received: from ?IPV6:2406:e003:110d:5301:8cb6:a2c:7461:4047? ([2406:e003:110d:5301:8cb6:a2c:7461:4047]) by smtp.gmail.com with ESMTPSA id c7-20020a170902d48700b001c465bedaccsm207331plg.83.2023.10.31.19.02.47 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 31 Oct 2023 19:02:49 -0700 (PDT)
Message-ID: <17352fa3-c3c9-3cc3-27f2-f8f57dfff383@gmail.com>
Date: Wed, 01 Nov 2023 15:02:43 +1300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
To: 6man <ipv6@ietf.org>
Cc: Bob Hinden <bob.hinden@gmail.com>, Stuart Cheshire <cheshire@apple.com>, "Rob Wilton (rwilton)" <rwilton@cisco.com>, "Murray S. Kucherawy" <superuser@gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/zxhYIunWKtpEnSp0QDz_FFG3A08>
Subject: [IPv6] Link-local URI status (rfc6874bis)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2023 02:02:55 -0000
Hi 6man, Since I will not be in Prague or on-line, this is an update for the WG on the status of draft-ietf-6man-rfc6874bis. If you've forgotten, the draft allows http://[fe80::1%eth0] as a valid URI. In summary: it is blocked in the IESG. Possible WG actions are listed at the end. There are two unresolved DISCUSS ballots: https://datatracker.ietf.org/doc/draft-ietf-6man-rfc6874bis/ballot/#draft-ietf-6man-rfc6874bis_robert-wilton https://datatracker.ietf.org/doc/draft-ietf-6man-rfc6874bis/ballot/#draft-ietf-6man-rfc6874bis_murray-kucherawy Here is my personal summary of the remaining issues, and what we have done since IETF Last Call and IESG review to resolve them: 1. Re Rob Wilton's DISCUSS: We clarified character set restrictions needed for compatibility with URI rules, and the applicability of numeric identifiers as a work-around for these character set restrictions. I believe these are the only changes possible, given RFC4007, the ~20 years of history in the POSIX and Winsock APIs, and the widespread implemention of these in host stacks. The difficulties that Rob has are not so much with this draft but more with that underlying model. Quoting his off-list message: "I don’t regard interfaces on network devices as inherently having a numeric identifier." But like it or not, the nodes on which browsers normally run follow RFC4007 and *do* inherently have numeric interface indices. We don't have any choices there. (I do think that RFC4007 is inadequate and needs to be updated to reflect current reality, but that's orthogonal.) 2. Re Murray Kucherawy's DISCUSS: 2.1 The fact that almost no developers have decided to implement this so far seems non-blocking to me. For all the use cases listed in the draft, there is a user-side view that this just ought to work, and when it fails, this is perceived as a bug. Arguments that it's 'unimplementable' or 'insecure' deserve answers: 2.2 The 'unimplementable' argument is based on using the '%' sign as a separator, whereas its normal role in a URI is as an escape character. Roy Fielding has argued that there are many URI parsers around that handle percent-encoding in different ways (somewhat regardless of the formal ABNF syntax). As result, he asserts that stepwise introduction of the draft is impossible in practice. The draft argues that it doesn't matter if unmodified parsers throw an error if they see the new syntax, because that is what they do today anyway, so the new syntax can be deployed progressively. There is an alternative (discussed in this WG years ago): use a different separator, e.g. http://[fe80::1-eth0] This still requires URI parsers to be modified and progressively deployed, but without interacting with percent-encoding. That is mainly a simplification of the programming problem. It does have its own programming complication - the '-' must be replaced by '%' before making relevant socket calls. 2.3 The 'security' argument is related to what the Web community calls Cross-Origin Resource Sharing (CORS). This is a very complex topic that I do not claim to understand and will not attempt to summarise here. IPv4 and IPv6 link-local address literals are considered problematic, like other IP addresses with local (a.k.a. private) scope, such as ULAs. The background is at https://wicg.github.io/private-network-access/. What I do not understand about this argument is that the CORS issue exists for http://[fe80::1] already, and as far as I can see is identical for http://[fe80::1%eth0]. If so, that is no reason to block rfc6874bis. The draft has been updated several times in an attempt to resolve these two DISCUSSes, and a couple of side meetings have been held at recent IETFs. We tried to set up a video chat before IETF 118 but it didn't work out. Possible WG actions: 1. Drop the draft and leave the use cases unsolved. 2. Accept the change to http://[fe80::1-eth0] and push the IESG to dismiss the other objections as beside the point. 2a. Also undertake a major revision of RFC4007. 3. Something else. I'd be interested to hear opinions about these options. Regards Brian Carpenter
- [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Carsten Bormann
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Michael Richardson
- Re: [IPv6] Link-local URI status (rfc6874bis) Michael Sweet
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Michael Sweet
- Re: [IPv6] Link-local URI status (rfc6874bis) Michael Sweet
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Eric Vyncke (evyncke)
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian Carpenter
- Re: [IPv6] Link-local URI status (rfc6874bis) Michael Richardson
- Re: [IPv6] Link-local URI status (rfc6874bis) Erik Nygren
- Re: [IPv6] Link-local URI status (rfc6874bis) Brian E Carpenter