Re: [OPSEC] WGLC for draft-ietf-opsec-ipv6-eh-filtering-03

Joe Touch <touch@strayalpha.com> Thu, 05 October 2017 18:28 UTC

Cc: "C. M. Heard" <heard@pobox.com>, OPSEC <opsec@ietf.org>, Bob Hinden <bob.hinden@gmail.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
To: Ron Bonica <rbonica@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/4rS40FQtJBKi2Vt5o1Fk78OjvuY>


> On Oct 5, 2017, at 11:04 AM, Ron Bonica <rbonica@juniper.net> wrote:
> 
> I think that you just struck the note that Fernando and I missed. Transit routers filter extension headers for one of the following reasons:
>
> - To protect themselves (as in RFC 6192)
> - To protect downstream devices
>
A similar dimension includes the impact to the IPv6 standard, i.e., is the behavior permitted, allowed but discouraged, or in violation.

Protecting yourself and other devices might not be valid if you break the protocol. Just because a router can’t do something isn’t a reason to say it’s OK not to.

IPv6 is a ride with a minimum height requirement. 

Joe