Re: [v6ops] WGLC for draft-ietf-opsec-ipv6-eh-filtering-03

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 04 October 2017 22:10 UTC

To: Joe Touch <touch@strayalpha.com>, "Van De Velde, Gunter (Nokia - BE/Antwerp)" <gunter.van_de_velde@nokia.com>, "opsec@ietf.org" <opsec@ietf.org>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "draft-ietf-opsec-ipv6-eh-filtering@ietf.org" <draft-ietf-opsec-ipv6-eh-filtering@ietf.org>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/VcodzrokzSNi0ZjC-tbajI7MuBw>

On 05/10/2017 02:12, Joe Touch wrote:
> 
> 
> On 9/29/2017 1:12 AM, Van De Velde, Gunter (Nokia - BE/Antwerp) wrote:
>>
>> This is to open a two week WGLC
>> for https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering-03.
>>
> 
> I do not agree with the claims of this document. It "informationally"
> advises against support for key IPv6 capabilities and undermines the
> extensibility of IPv6 by making recommendations about discarding
> currently unassigned codepoints.

Here's the problem, Joe. It's a fact of life that many firewalls
discard a lot of stuff that they shouldn't - that's why we wrote
RFC 7045 - but in the real world, operators blunder around based
on folklore and vendors' defaults. We can't change any of that, but
we can try to issue sensible advice that, overall, will limit the
resulting breakage. IMHO this document, positioned correctly as
Informational, will do that: on balance, it makes the world a better
place.

I agree with Bob Hinden that a careful review against RFC 8200 is
essential. I already pointed out one problem (RH0) at
https://mailarchive.ietf.org/arch/msg/opsec/StjbjvCP9PLC3ssnTKYO6jqFgk0
and Bob found a problem with Hop-by-Hop.

    Brian
> 
> This is an overstep for an OPS group, IMO.
> 
> Additionally, it refers to RFC2119 without taking care to capitalize
> those keywords where used or to provide specific examples where
> recommendations contradict existing Internet standards or are not
> definitive (e.g., SHOULDs).
> 
> I don't think this document is ready in any way.
> 
> Joe