Re: [v6ops] [Int-area] [OPSEC] I-D Action: draft-gont-opsec-ipv6-eh-filtering-00.txt

Fernando Gont <fgont@si6networks.com> Thu, 17 July 2014 22:04 UTC

Message-ID: <53C84841.3050702@si6networks.com>
Date: Thu, 17 Jul 2014 16:03:45 -0600
From: Fernando Gont <fgont@si6networks.com>
To: Joe Touch <touch@isi.edu>, "C. M. Heard" <heard@pobox.com>
References: <20140704235122.9794.84948.idtracker@ietfa.amsl.com> <53C35CC4.2070304@gmail.com> <53C57F39.7080800@gont.com.ar> <53C5C279.2090600@gmail.com> <53C5C91C.2020203@isi.edu> <53C5CAEE.5080805@si6networks.com> <53C6B1E5.4060905@isi.edu> <Pine.LNX.4.64.1407161401400.6057@shell4.bayarea.net> <53C82DE3.5010007@isi.edu>
In-Reply-To: <53C82DE3.5010007@isi.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/LsUG0ZQTZ8-ooIGDikpmZeE8IbI
Cc: OPSEC <opsec@ietf.org>, Internet Area <int-area@ietf.org>, IPv6 Operations <v6ops@ietf.org>
Subject: Re: [v6ops] [Int-area] [OPSEC] I-D Action: draft-gont-opsec-ipv6-eh-filtering-00.txt

On 07/17/2014 02:11 PM, Joe Touch wrote:
> 
> 
> On 7/16/2014 3:13 PM, C. M. Heard wrote:
>> Even if I don't agree with all of them, the filtering
>> recommendations in this draft do seem to be motivated by legitimate
>> operational concerns, not blanket paranoia.
> 
> They need to be characterized as what they are:
> 
>     - an attempt to accommodate devices that are NOT IPv6-compliant

I'd have a hard time coming up with a vendor/device that can process
IPv6 packets with HBH header with the same performance as regular
packets. So.. are you suggesting that we start claiming that "we
currently do not know of any ipv6-compliant routers", or what? (fwiw, I
expect you are not)

> I agree that there are legitimate operational concerns, but redefining
> the behavior or the IPv6 flags is not the purview of operational or
> management groups in the IETF.

We're not redefining anything. We're just saying "look, if you're
running an IPv6 network, this is probably the most sane thing to do".
Having that sane advice doesn't prevent you from doing something else if
you know better, if you want to allow everything within your
organization, or if you just don't care if your network melts down.

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
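The exchange above turns on what a forwarding device has to do with a packet carrying a Hop-by-Hop Options header before it can apply any policy to it. The following is an added example, not code from the thread, the draft, or SI6 Networks: it walks an IPv6 extension header chain (fixed 40-byte header, then the generic next-header / header-extension-length layout of RFC 8200, with the Fragment and AH special cases), parses the option TLVs of a Hop-by-Hop header, and then applies a configurable drop list of the kind the draft recommends. The sample packet is constructed inline (link-local addresses, an ICMPv6 echo request with a zero checksum) purely so the code runs offline; the function and policy names are the example's own.

```python
import struct

# Next Header values from the IANA protocol-numbers registry (RFC 8200 section 4).
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH = 0, 43, 44, 50, 51
DEST_OPTS, MOBILITY, HIP, SHIM6, ICMPV6 = 60, 135, 139, 140, 58

# Extension headers that continue the chain. ESP is deliberately absent: what
# follows it is encrypted, so a middlebox cannot walk past it.
EXT_HEADERS = {HOP_BY_HOP: "HopByHop", ROUTING: "Routing", FRAGMENT: "Fragment",
               AH: "AH", DEST_OPTS: "DestOpts", MOBILITY: "Mobility",
               HIP: "HIP", SHIM6: "Shim6"}


def parse_options(blob):
    """Walk the TLV option area of a HBH or Destination Options header.

    Returns a list of (option_type, option_length). Pad1 (type 0) is a single
    octet with no length field; every other option is type, length, data.
    """
    opts, i = [], 0
    while i < len(blob):
        t = blob[i]
        if t == 0:                       # Pad1
            opts.append((0, 0))
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        if i + 2 + length > len(blob):
            raise ValueError("option length runs past end of header")
        opts.append((t, length))
        i += 2 + length
    return opts


def walk_header_chain(pkt):
    """Return (list of extension-header dicts, final upper-layer Next Header).

    Every header in the chain must be read before the transport protocol is
    known, which is why a filter cannot treat these packets like plain ones.
    """
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, nh, _hop_limit = struct.unpack("!HBB", pkt[4:8])
    end = 40 + payload_len
    if end > len(pkt):
        raise ValueError("payload length exceeds captured bytes")
    chain, off = [], 40
    while nh in EXT_HEADERS:
        if off + 8 > end:
            raise ValueError("truncated extension header")
        if nh == FRAGMENT:
            hlen = 8                              # fixed size, no length field
        elif nh == AH:
            hlen = (pkt[off + 1] + 2) * 4         # Payload Len in 32-bit words minus 2
        else:
            hlen = (pkt[off + 1] + 1) * 8         # Hdr Ext Len in 8-octet units, first 8 excluded
        if off + hlen > end:
            raise ValueError("extension header runs past payload")
        entry = {"type": EXT_HEADERS[nh], "len": hlen}
        if nh in (HOP_BY_HOP, DEST_OPTS):
            entry["options"] = parse_options(pkt[off + 2:off + hlen])
        chain.append(entry)
        nh = pkt[off]                             # Next Header of this extension header
        off += hlen
    return chain, nh


def policy_decision(chain, drop_headers=("HopByHop",)):
    """Apply a simple drop list to the parsed chain: ('drop', header) or ('pass', None)."""
    for h in chain:
        if h["type"] in drop_headers:
            return "drop", h["type"]
    return "pass", None


def build_sample(with_hbh=True):
    """Constructed test packet: fe80::1 -> fe80::2, optional HBH (PadN), ICMPv6 echo request."""
    icmp = bytes([128, 0, 0, 0, 0, 0, 0, 0])     # type 128, code 0, checksum left zero (constructed)
    if with_hbh:
        # Next Header = ICMPv6, Hdr Ext Len = 0 (8 octets total), one PadN option of length 4.
        payload = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0]) + icmp
        first_nh = HOP_BY_HOP
    else:
        payload, first_nh = icmp, ICMPV6
    src = b"\xfe\x80" + b"\x00" * 13 + b"\x01"
    dst = b"\xfe\x80" + b"\x00" * 13 + b"\x02"
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), first_nh, 64) + src + dst
    return hdr + payload


if __name__ == "__main__":
    for flag in (True, False):
        chain, upper = walk_header_chain(build_sample(flag))
        print([h["type"] for h in chain], "upper-layer", upper, policy_decision(chain))
```

The drop list is the only policy knob here; a device that wanted to permit HBH inside its own organization, as the message suggests operators may choose to, would simply pass an empty tuple. The parser raises on any length field that runs past the payload, which is the sanity check a filter needs before it trusts the `Next Header` it reads from an extension header.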