IETF Logo Mail Archive

Re: [Softwires] Fwd: New Version Notification for draft-chen-softwire-4rd-u-comment-00.txt

Maoke <fibrib@gmail.com> Wed, 11 April 2012 13:44 UTC

Return-Path: <fibrib@gmail.com>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EACC521F8594 for <softwires@ietfa.amsl.com>; Wed, 11 Apr 2012 06:44:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.179
X-Spam-Level:
X-Spam-Status: No, score=-3.179 tagged_above=-999 required=5 tests=[AWL=0.119, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRwge46hUAOI for <softwires@ietfa.amsl.com>; Wed, 11 Apr 2012 06:44:49 -0700 (PDT)
Received: from mail-qc0-f172.google.com (mail-qc0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id 04E4A21F8570 for <softwires@ietf.org>; Wed, 11 Apr 2012 06:44:48 -0700 (PDT)
Received: by qcsq13 with SMTP id q13so667379qcs.31 for <softwires@ietf.org>; Wed, 11 Apr 2012 06:44:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=029sxOq9dB0zGRUSmAjc4u4MKOzq2XVzjHaG7kAmNzU=; b=SlVvSqHMJ4M14G8zkz+5MjD0gZAHIOZPcQoEOTb4E3VgS4TAxW4jmCMNCpcilJ5doG 5T3Gz0cl/K4ETVdS3G/vYfiZQ4fWNxBSg9Cj4FOWFtM4f175b4rJT4yGuRjdCADRtTWx 3C/OX7G2WItqpDT7zlBYGU8RsD13yY15VV6Uhi4OL/mEMZRMPDehp+ZzTBpKN3J/iEBA SNieRCnyTvhkBNq9F/vSDH7mSpJrir+WmnW+LMzAV0T5VX+LARGe4zyjFnj4UHU1HRHy UbHBZTin7hHw1D11V0HbDW4Y2DqBT2eztBhAAK9Ofdpquo/xSYx6gJ1kI60Jxgn00oM/ JoYA==
MIME-Version: 1.0
Received: by 10.224.202.193 with SMTP id ff1mr20033319qab.36.1334151888446; Wed, 11 Apr 2012 06:44:48 -0700 (PDT)
Received: by 10.229.123.197 with HTTP; Wed, 11 Apr 2012 06:44:48 -0700 (PDT)
In-Reply-To: <69317BAA-F913-4484-898A-0EBC0238121F@laposte.net>
References: <20120410094728.8936.48011.idtracker@ietfa.amsl.com> <CAFUBMqXjnUK+-9eA4WwY27x_kkdNWO7vAJCYDpJk5jfd2K81xQ@mail.gmail.com> <69317BAA-F913-4484-898A-0EBC0238121F@laposte.net>
Date: Wed, 11 Apr 2012 22:44:48 +0900
Message-ID: <CAFUBMqVxjZkGos7j2RsCnJCwvO5DmPVooB=O7PTuBYbJAbzXfw@mail.gmail.com>
From: Maoke <fibrib@gmail.com>
To: Rémi Després <despres.remi@laposte.net>
Content-Type: multipart/alternative; boundary="20cf300faff563237b04bd677191"
Cc: Softwires-wg <softwires@ietf.org>
Subject: Re: [Softwires] Fwd: New Version Notification for draft-chen-softwire-4rd-u-comment-00.txt
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/softwires>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Apr 2012 13:44:50 -0000

postpone other parts, but focus on the checksum issue.
2012/4/11 Rémi Després despres.remi@laposte.net

>
> 5.4 Impact c. - it is true that, in the IPv6 packet of a tunneled ICMPv4
> message, the ICMPv4 checksum doesn't ensure IPv6 address integrity. But
> this integrity can be ensured at tunnel exit by checking that CNPs do
> preserve checksum neutrality. This can be clarified by a complement in the
> 4rd-u security section.
>
>

1. this introduces another new semantics/logic of protocol stack
processing at exit CE. it is really hard to call it either IPv4 or IPv6.

2. even though this CNP works for the address integrity, unfortunately,
however, the checksum still provides integrity protection for packet length
and payload protocol type in both IPv4/ICMPv4 pair and IPv6/ICMPv6 pair.
they are involved either in IPv4 header checksum or in ICMPv6 checksum,
which covers the pseudo-header of IPv6. how could CNP protect these?

thanks for mentioning CNP here. i need to modify the concern for "address
integrity" to the concern for "integrity of addresses, packet length and
payload protocol type".

- maoke

v2.23.0 | Report a Bug | By Email