IETF Logo Mail Archive

Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-v6

神明達哉 <jinmei@wide.ad.jp> Wed, 19 April 2017 22:15 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18DAC129BBF; Wed, 19 Apr 2017 15:15:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D-v_44RrDoqq; Wed, 19 Apr 2017 15:15:18 -0700 (PDT)
Received: from mail-qt0-x234.google.com (mail-qt0-x234.google.com [IPv6:2607:f8b0:400d:c0d::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F283F12950A; Wed, 19 Apr 2017 15:15:17 -0700 (PDT)
Received: by mail-qt0-x234.google.com with SMTP id m36so31724130qtb.0; Wed, 19 Apr 2017 15:15:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=vzEkAXCY7FJsIexOypcsXKg2PSMdDvJB6HZg5m7ycsY=; b=aAa/7HvZwtIO9iDkj9n8Wq/j6Z6d5qW/K1YhlFReMa5spVSM5Lo3a4Q/X/paYd+Nuv Np39u+hbcNpiaWwdoNzzefWslfbi6IZ6ToPpKoIp/36NQVLnWt6mS0rf+GCimKhS3Cen 8fF9sIibJZBxAx0h4hqPArvDKgXHbdmCvYMAbwq8FvJ9A8eHKdJgPObKwa3HaLqmzcnt xhwMegIcF9aKcMlEZYFRVzrrPTu2TeAfaGQRyRwHYfMldADWIA3Lx5Vkslkz5JFrnQSt QTRO51uS/COia7D1XcpThiQuOCqk8rKjPkIlayCIhLiLHXmxWtsz+r6PU0AuyGYbJ0Z6 5uLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=vzEkAXCY7FJsIexOypcsXKg2PSMdDvJB6HZg5m7ycsY=; b=jspemVwp2VO3vuwU+SNgPdvphkDuVh6XSLFG5LFqU4Vky8Lm8tGOyBvVcKvJwKrEuR fKTekgg3b92fY7dE1QERLXZSB86zvu/ghOV2XLauFg6aL32+5gD4ZxZhcm+sFV4fg+o1 e9D/f4Pam0j6KQeLiVE+5G2KUF6+3IucVJxXAbvgEui75rkfK9GOCyKAgwKXUvc9Z50P J1BwjjiFtvc3FFDSkt+ae48nBDj10sSTPu6/YZ42EIdmN9Cr54tlz4+hrEk1dqHkMj68 DgSMJqhPUD7U9ephnpTEIY9uAHsxGZr3Zsr/BxUZHRR6oPxN1G4V67CrUKGdeUiDc4xR sHSQ==
X-Gm-Message-State: AN3rC/4gahTRUbkhUCg27n5tMwpz7X306HebERuhpVEUdT0k9c953aRP UE+RsFpFtIMiG+BQtpvBPtFWaeHwWA==
X-Received: by 10.237.57.170 with SMTP id m39mr4733481qte.163.1492640117020; Wed, 19 Apr 2017 15:15:17 -0700 (PDT)
MIME-Version: 1.0
Sender: jinmei.tatuya@gmail.com
Received: by 10.237.60.208 with HTTP; Wed, 19 Apr 2017 15:15:16 -0700 (PDT)
In-Reply-To: <c260f415-ca53-69f1-e363-7e27d2580c67@si6networks.com>
References: <55cb757e-ee2d-4818-9fc2-67d559006f34@me.com> <3E179F05-ACCD-4290-A65F-57E4202FAA15@icloud.com> <097C5D0E-5708-4CE4-989A-0174B11D1B25@employees.org> <1491877d-b445-af79-1f44-2e5507054a92@si6networks.com> <20391B01-0677-4E55-B83F-B517A32B7066@employees.org> <6675ff16-7294-5623-1e44-7bd3d41aed2b@si6networks.com> <BBE95D76-13FF-4FAA-A3FA-AA1E4923EB91@employees.org> <3edf94e6-3fde-03f8-21ec-f02b37fa83fa@si6networks.com> <D0E3AF6B-D2C1-45E9-95C5-AB216DDD4D66@employees.org> <c260f415-ca53-69f1-e363-7e27d2580c67@si6networks.com>
From: 神明達哉 <jinmei@wide.ad.jp>
Date: Wed, 19 Apr 2017 15:15:16 -0700
X-Google-Sender-Auth: pgHIftga7RlC6QZJwc-R8_B9WTQ
Message-ID: <CAJE_bqcOB_r5ymU7D0xk6QHOaSo2vL7tE14cEtOLb4=18ahy_Q@mail.gmail.com>
To: Fernando Gont <fgont@si6networks.com>
Cc: Ole Troan <otroan@employees.org>, Gunter Van De Velde <guntervandeveldecc@icloud.com>, "opsec@ietf.org" <opsec@ietf.org>, "6man@ietf.org" <6man@ietf.org>, "v6ops@ietf.org Operations" <v6ops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/y-iCZDOd1UVbDPyuCFmZPwFJyQk>
Subject: Re: [OPSEC] [v6ops] WGLC for draft-ietf-opsec-v6
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Apr 2017 22:15:19 -0000

At Tue, 18 Apr 2017 15:15:37 +0100,
Fernando Gont <fgont@si6networks.com> wrote:

> > You will probably save everyone a lot of energy if you just admit
> > you had missed it, and moved on.
>
> Huh?
>
> I obviously missed it. But this should still be in RFC2460 (or
> rfc2460bis, FWIW). RFC4443 is supposed to specify ICMPv6, nt forwarding
> for IPv6 packets.
>
> Having important requirements spread into a number of documents where
> they don't belong doesn't help, and in the long run takes more energy
> (and creates more problems) than spending the energy in doing what is right.

I see your point, but this is not the only case where a description in
RFC4443 could also be in RFC2460 but isn't.  Destination unreachable
code 2 (Beyond scope of source address) is also related to forwarding,
but it's not documented in RFC2460.  Code 4 (Port unreachable) is a
matter of upper layer consideration, but it's not documented in
Section 8 of RFC2460.  I'm sure there are more.

In the ideal world we could make all these points perfect: everything
is documented everywhere consistently with minimal redundancy or
scattering but still avoiding to push everything in a single monster
document.  Obviously it's an impossible goal in the real world, and we
should accept some level of redundancy or scattering (or even
inconsistency as a matter of fact).  In this particular case I
personally think it's acceptable: the ICMPv6 specification is so
fundamental, so I'd say it's reasonable to say that any serious
implementer should read it carefully.  There should always be someone
who overlooks some particular point (like you missed this specific
one), but that doesn't necessarily mean we should update the
documentation so that that particular person would not have missed it.
There would still be someone who miss it no matter redundantly we
describe it.

In that sense, I tend to agree with Ole. (But I wouldn't be opposed to
making this in rfc2460bis either if that's the wg consensus, although
at this moment no one else seems to think this is an issue to be
fixed).

--
JINMEI, Tatuya

v2.23.0 | Report a Bug | By Email