Re: [v6ops] [ipv6-wg] Extension Headers / Impact on Security Devices

Ronald Bonica <rbonica@juniper.net> Fri, 19 June 2015 21:36 UTC

From: Ronald Bonica <rbonica@juniper.net>
To: Enno Rey <erey@ernw.de>, Jen Linkova <furry13@gmail.com>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "ipv6-wg@ripe.net IPv6" <ipv6-wg@ripe.net>

I am aware of one implementation that is almost RFC 7112 compliant. It drops the packet, but fails to send an ICMP message.

Ron


> Yes, we're aware of RFC7112. It's just: no OS we know and no devices we're
> aware of (feel free to provide pointers) implement RFC 7112 as of today.