[v6ops] Operational Implications of IPv6 Packets with Extension Headers - Security as Functionality
Vasilenko Eduard <vasilenko.eduard@huawei.com> Mon, 27 July 2020 08:57 UTC
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Fernando Gont <fgont@si6networks.com>, IPv6 Operations <v6ops@ietf.org>
CC: "draft-gont-v6ops-ipv6-ehs-packet-drops@ietf.org" <draft-gont-v6ops-ipv6-ehs-packet-drops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/KDrKLFYKosQzSQe7V0yweaWJCCI>
Hi Fernando,

Security is sometimes functionality, not a vulnerability or attack vector.
A good example is a firewall. A firewall needs to parse all headers to be useful.
Hence, I believe it is in the logic of this draft to have section 5.1.5: one additional "use case" when parsing of ALL headers is mandatory.
FW, IDPS

Eduard

-----Original Message-----
From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Fernando Gont
Sent: 26 July 2020 8:46
To: IPv6 Operations <v6ops@ietf.org>
Cc: draft-gont-v6ops-ipv6-ehs-packet-drops@ietf.org
Subject: [v6ops] Operational Implications of IPv6 Packets with Extension Headers (Fwd: New Version Notification for draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt)

Folks,

We have posted a rev of our IETF I-D "Operational Implications of IPv6 Packets with Extension Headers".

The I-D is available at: https://www.ietf.org/internet-drafts/draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt

Your feedback will be appreciated.

Thanks!

Cheers,
Fernando

-------- Forwarded Message --------
Subject: New Version Notification for draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt
Date: Sat, 25 Jul 2020 22:28:50 -0700
From: internet-drafts@ietf.org
To: Fernando Gont <fgont@si6networks.com>, Gert Doering <gert@space.net>, Geoff Huston <gih@apnic.net>, Warren Kumari <warren@kumari.net>, Nick Hilliard <nick@inex.ie>

A new version of I-D, draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt has been successfully submitted by Fernando Gont and posted to the IETF repository.

Name: draft-gont-v6ops-ipv6-ehs-packet-drops
Revision: 04
Title: Operational Implications of IPv6 Packets with Extension Headers
Document date: 2020-07-25
Group: Individual Submission
Pages: 15
URL: https://www.ietf.org/internet-drafts/draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt
Status: https://datatracker.ietf.org/doc/draft-gont-v6ops-ipv6-ehs-packet-drops/
Htmlized: https://tools.ietf.org/html/draft-gont-v6ops-ipv6-ehs-packet-drops-04
Htmlized: https://datatracker.ietf.org/doc/html/draft-gont-v6ops-ipv6-ehs-packet-drops
Diff: https://www.ietf.org/rfcdiff?url2=draft-gont-v6ops-ipv6-ehs-packet-drops-04

Abstract:
This document summarizes the security and operational implications of IPv6 extension headers, and attempts to analyze reasons why packets with IPv6 extension headers may be dropped in the public Internet.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
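
The firewall case raised in the message above, as an added example (not part of the original message or of the draft): Python code that walks the IPv6 extension-header chain, using the header lengths defined in RFC 8200 and RFC 4302, to reach the TCP/UDP destination port a filter rule would match on. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# Headers whose size is (Hdr Ext Len + 1) * 8 octets (RFC 8200).
GENERIC_EH = {0: "Hop-by-Hop", 43: "Routing", 60: "Destination Options"}
FRAGMENT, AH = 44, 51  # ESP (50) ends the walk: what follows it is encrypted

def walk_chain(pkt: bytes):
    """Walk the whole chain; return (header names, upper protocol, offset).

    The protocol is None when the upper-layer header is not in this packet
    (a non-first fragment), so no port-based verdict is possible.
    """
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, names = pkt[6], 40, []
    while nxt in GENERIC_EH or nxt in (FRAGMENT, AH):
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        if nxt == FRAGMENT:
            names.append("Fragment")
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return names, None, None
            length = 8
        elif nxt == AH:
            names.append("AH")
            length = (pkt[off + 1] + 2) * 4   # AH counts 32-bit words
        else:
            names.append(GENERIC_EH[nxt])
            length = (pkt[off + 1] + 1) * 8
        if off + length > len(pkt):
            raise ValueError("extension header runs past end of packet")
        nxt, off = pkt[off], off + length
    return names, nxt, off

def dst_port(pkt: bytes):
    """Destination port of the TCP/UDP header, or None if it is unreachable."""
    _, proto, off = walk_chain(pkt)
    if proto not in (6, 17) or off + 4 > len(pkt):
        return None
    return struct.unpack_from("!H", pkt, off + 2)[0]

def sample_packet() -> bytes:
    """Constructed packet: IPv6 + Hop-by-Hop + Destination Options + TCP SYN."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    hbh = bytes([60, 0, 1, 4, 0, 0, 0, 0])    # next = Dest Opts, PadN option
    dopt = bytes([6, 0, 1, 4, 0, 0, 0, 0])    # next = TCP, PadN option
    payload = hbh + dopt + tcp
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), 0, 64, src, dst) + payload
```

In the sample the fixed header's Next Header field is 0 (Hop-by-Hop), not 6, so a filter that reads only that field never sees that the packet carries TCP to port 443.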