Re: [saag] [tsvwg] Fwd: Last Call: <draft-ietf-tsvwg-transport-encrypt-19.txt> (Considerations around Transport Header Confidentiality, Network Operations, and the Evolution of Internet Transport Protocols) to Informational RFC
Fernando Gont <fgont@si6networks.com> Sat, 13 February 2021 02:21 UTC
To: Tom Herbert <tom@herbertland.com>
Cc: Fernando Gont <fernando@gont.com.ar>, Michael Richardson <mcr+ietf@sandelman.ca>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Date: Fri, 12 Feb 2021 23:07:54 -0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/THd12YWTeTdzymh_GKnzQsT5ofY>
On 12/2/21 22:53, Tom Herbert wrote:
[....]
>>> IMO, HBH is the best vehicle
>>> to express this information and there is some good work in Network
>>> tokens, FAST, and APN around this.
>>
>> RFC7872 seems to suggest otherwise.
>>
> I disagree. RFC7872 was one snapshot in time and is now coming up on
> five years since it was published; since then RFC8200 was published
> with relaxed requirements for intermediate nodes and there is a lot
> more active work on extension headers.

There's a lot of active work on EHs, yes. You can use them in limited
domains. But you'll likely have a bitter experience otherwise.

(To share my own: I recently replaced my IPv4-transport tunnels with
IPv6-transport tunnels... but some failed. Why? Because Linux employs
(by default) a tunnel encapsulation limit option, which requires a DO
header to be inserted. And such packets often get dropped.)

You may get the same when trying to use ESP, too.

RFC8200 changed the processing of HBH. But there are general
implications of EHs (in general) -- RFC8200 has changed nothing about
that (and in fact, it couldn't have).

> Besides that, we don't need or
> expect 100% of the Internet to support EH, we can use it
> opportunistically when we know the path works (e.g. the destination is
> a server within the user's provider network that supports the
> features).

That's indeed a different scenario (a so-called "limited domain") --
i.e. your network, your rules. But I believe the discussion here is
about the implications on an Internet-wide scope.

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
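
Added illustration, not part of the message above or of any code from the thread: a small Python parser that walks an IPv6 extension header chain and reports whether a packet carries the Tunnel Encapsulation Limit option (RFC 2473, option type 4) in a Destination Options header, which is the header the message says causes tunnelled packets to be dropped. The sample packets, the documentation-prefix addresses and the limit value 4 are constructed for the example.

```python
import struct

# IPv6 extension headers handled here (AH and ESP are out of scope).
HBH, ROUTING, FRAGMENT, DSTOPTS = 0, 43, 44, 60
OPT_PAD1, OPT_TUNNEL_ENCAP_LIMIT = 0, 4   # option types (RFC 8200, RFC 2473)

def parse_options(area):
    """Yield (type, data) for each TLV option in an HBH/DO options area."""
    i = 0
    while i < len(area):
        if area[i] == OPT_PAD1:           # Pad1 is one byte with no length field
            i += 1
            continue
        if i + 2 > len(area) or i + 2 + area[i + 1] > len(area):
            raise ValueError("truncated option")
        yield area[i], area[i + 2:i + 2 + area[i + 1]]
        i += 2 + area[i + 1]

def walk_chain(packet):
    """Return (extension header numbers, upper-layer protocol, encap limit or None)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain, limit = packet[6], 40, [], None
    while nxt in (HBH, ROUTING, FRAGMENT, DSTOPTS):
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        # Fragment is fixed at 8 bytes; the others count 8-octet units minus one.
        size = 8 if nxt == FRAGMENT else (packet[off + 1] + 1) * 8
        if off + size > len(packet):
            raise ValueError("truncated extension header")
        if nxt == DSTOPTS:
            for otype, data in parse_options(packet[off + 2:off + size]):
                if otype == OPT_TUNNEL_ENCAP_LIMIT and len(data) == 1:
                    limit = data[0]
        chain.append(nxt)
        nxt, off = packet[off], off + size
    return chain, nxt, limit

def ipv6_header(next_header, payload_len):
    """Constructed 40-byte IPv6 header using 2001:db8::/32 documentation addresses."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64) + src + dst

# Constructed samples: IPv6-in-IPv6 with and without the DO header.
INNER = ipv6_header(59, 0)                 # 59 = No Next Header
DO = bytes([41, 0, 4, 1, 4, 1, 1, 0])      # next=41, len=0, limit option (4), PadN
WITH_LIMIT = ipv6_header(DSTOPTS, len(DO) + len(INNER)) + DO + INNER
WITHOUT_LIMIT = ipv6_header(41, len(INNER)) + INNER
```

Running `walk_chain` over captures taken at both tunnel endpoints shows whether the packets that fail to arrive are the ones with header 60 in the chain. On Linux, iproute2's `ip -6 tunnel` accepts `encaplimit none` to stop the option (and therefore the DO header) from being added.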