Re: Re: [ssm] what to say about scoping for v6 [was ...last call...]
Hugh Holbrook <holbrook@cisco.com> Wed, 12 March 2003 18:16 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA14492 for <ssm-archive@odin.ietf.org>; Wed, 12 Mar 2003 13:16:49 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h2CIUqi01421 for ssm-archive@odin.ietf.org; Wed, 12 Mar 2003 13:30:52 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2CIUqO01418 for <ssm-web-archive@optimus.ietf.org>; Wed, 12 Mar 2003 13:30:52 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA14479 for <ssm-web-archive@ietf.org>; Wed, 12 Mar 2003 13:16:16 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2CITYO01310; Wed, 12 Mar 2003 13:29:34 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2CIOuO01023 for <ssm@optimus.ietf.org>; Wed, 12 Mar 2003 13:24:56 -0500
Received: from sj-core-2.cisco.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA14275 for <ssm@ietf.org>; Wed, 12 Mar 2003 13:10:21 -0500 (EST)
Received: from holbrook-laptop.cisco.com (sjc-vpn1-426.cisco.com [10.21.97.170]) by sj-core-2.cisco.com (8.12.6/8.12.6) with ESMTP id h2CICSEY015725; Wed, 12 Mar 2003 10:12:28 -0800 (PST)
Received: by holbrook-laptop.cisco.com (Postfix, from userid 500) id 1788F10B7A7; Wed, 12 Mar 2003 10:08:04 -0800 (PST)
From: Hugh Holbrook <holbrook@cisco.com>
To: Pekka Savola <pekkas@netcore.fi>
Cc: Brian Haberman <bkhabs@nc.rr.com>, holbrook@cisco.com, ssm@ietf.org
In-reply-to: <Pine.LNX.4.44.0303121226350.11788-100000@netcore.fi>
Subject: Re: Re: [ssm] what to say about scoping for v6 [was ...last call...]
Reply-To: holbrook@cisco.com
Message-Id: <20030312180804.1788F10B7A7@holbrook-laptop.cisco.com>
Date: Wed, 12 Mar 2003 10:08:04 -0800
Sender: ssm-admin@ietf.org
Errors-To: ssm-admin@ietf.org
X-BeenThere: ssm@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=unsubscribe>
List-Id: Source-Specific Multicast <ssm.ietf.org>
List-Post: <mailto:ssm@ietf.org>
List-Help: <mailto:ssm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=subscribe>
> > > So I'm trying to convert this discussion about scoping to concrete > > > text. Here's what the doc currently says about v6 scoped addresses. > > > > > > For IPv6, administratively scoped SSM addresses are created by choosing > > > an appropriate scope identifier for the SSM destination address. Normal > > > IPv6 multicast scope boundaries are applied to traffic sent to an SSM > > > destination address. > > > > > > I note that this paragraph is confusing because it says you can make a > > > "scoped SSM addresses" when what it should say is "scoped SSM channel > > > addresses". Here is proposed text to incorporate what I think Pekka > > > is suggesting. > > > > > > For IPv6, administratively scoped SSM channel addresses are created > > > by choosing an appropriate scope identifier for the SSM destination > > > address. Normal IPv6 multicast scope boundaries are applied to > > > traffic sent to an SSM destination address, including any relevant > > > boundaries applied to both the source and destination address. > > > > > > Question 1: Do you accept the above text? I'm not sure I captured the > > > issue, so I'd appreciate a better alternative if you see one. > > > > I am ok with it, but I didn't raise the issue either. So, I would > > like Pekka's assessment before we declare victory. :) > > I can live with it, with the inclusion of the reference. Done. I massaged the English of the last sentence to make it a bit more direct, without changing the wording. The text now reads For IPv6, administratively scoped SSM channel addresses are created by choosing an appropriate scope identifier for the SSM destination address. Normal IPv6 multicast scope boundaries [SCOPINGV6] are applied to traffic sent to an SSM destination address. Boundaries are applied to both the source and destination address. ... [SCOPINGV6] Deering, S. et. al, "IP Version 6 Scoped Address Architecture", Work in Progress. > However, I'd like a statement in the security considerations, perhaps > along the lines of: > > One should note that the use of IPv6 scoped addresses either in S or G may > cause significant complexities, for example regarding mismatching scopes > between S and G or regarding forwarding decisions for a scoped (S,G). > The implications of scoped addresses are described in other documents > [REF:SCOPED-ARCH] Isn't the scoping behavior simply that the most restrictive (smallest) scope applies. A packet is forwarded neither across a source-scope boundary nor across a destination-scope boundary. Unless I'm missing something, this actually sounds rather uncomplicated to me. Is there something that makes this tricky? Is there something about this that makes it a Security Considerations issue? > > > Question 2: If not, is there an appropriate reference for "Normal IPv6 > > > multicast scope boundaries," or is it preferable to intentionally > > > leave the document without a reference? > > > > I don't see a problem with having an informative reference for the > > scoped addr arch doc. > > I think an informational reference is necessary. (Actually, it should be > "almost" normative, but we don't want to have SSM arch get stuck due to > scoped addrarch, so..) Ok. I'm fine with referring to that document, as above. > > > Question 3: Should we add text to clarify the "embedded address" text > > > in RFC3306. I can think of three options: > > > > > > Either prohibit it: > > > > > > For IPv6, senders MUST ensure that the scope of a channel > > > destination address does not exceed the scope of the channel source > > > address. > > > > > > Or allow it: > > > > > > For IPv6, the scope of a channel destination address MAY exceed the > > > scope of the channel source address. Normal forwarding rules for > > > scoped traffic apply to a packet sent to such a channel. Normal > > > multicast scoping rules apply for any routing protocol messages > > > (e.g., "joins") referring to such a channel. > > > > > > Or say nothing: > > > > > > I am inclined to do the latter, and I think this is what both of you > > > are saying. Am I right? > > > > I agree, the latter works for me. > > I'm ok with leaving the text out. It is up to RFC3306bis and > clarification of it in scoped addrarch. Ok. Agreed on that. > > Should we add a reference to RFC > > 3484 as a note on how the address selection could occur? > > I'm ok with it but don't see where it would fit nicely. Ok. The resolution is to not say anything about address selection rules for SSM. Thanks. > -- > Pekka Savola "You each name yourselves king, yet the > Netcore Oy kingdom bleeds." > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings > > > > > > _______________________________________________ > ssm mailing list > ssm@ietf.org > https://www1.ietf.org/mailman/listinfo/ssm _______________________________________________ ssm mailing list ssm@ietf.org https://www1.ietf.org/mailman/listinfo/ssm
- [ssm] another last call for draft-ietf-ssm-arch -… Hugh Holbrook
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: Re: [ssm] another last call for draft-ietf-ss… Hugh Holbrook
- Re: Re: [ssm] another last call for draft-ietf-ss… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: Re: Re: [ssm] another last call for draft-iet… Hugh Holbrook
- [ssm] what to say about scoping for v6 [was ...la… Hugh Holbrook
- [ssm] permanent ipv6 ssm addresses [was ...last c… Hugh Holbrook
- Re: [ssm] permanent ipv6 ssm addresses [was ...la… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: Re: [ssm] permanent ipv6 ssm addresses [was .… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 [was .… Pekka Savola
- Re: Re: [ssm] what to say about scoping for v6 [w… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: Re: [ssm] what to say about scoping for v6 [w… Pekka Savola
- Re: [ssm] what to say about scoping for v6 Hitoshi Asaeda
- Re: Re: Re: [ssm] what to say about scoping for v… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 Pekka Savola
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: [ssm] what to say about scoping for v6 [was .… Pekka Savola
- Re: Re: [ssm] what to say about scoping for v6 [w… Hugh Holbrook
- Re: Re: [ssm] what to say about scoping for v6 [w… Pekka Savola
- Re: Re: [ssm] another last call for draft-ietf-ss… Hugh Holbrook