Re: [v6ops] Extension Headers / Impact on Security Devices
Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 17 June 2015 01:24 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB8741B3635 for <v6ops@ietfa.amsl.com>; Tue, 16 Jun 2015 18:24:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h3WZyICJ0Est for <v6ops@ietfa.amsl.com>; Tue, 16 Jun 2015 18:24:05 -0700 (PDT)
Received: from mail-pd0-x236.google.com (mail-pd0-x236.google.com [IPv6:2607:f8b0:400e:c02::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A8491B362F for <v6ops@ietf.org>; Tue, 16 Jun 2015 18:24:05 -0700 (PDT)
Received: by pdbnf5 with SMTP id nf5so26291764pdb.2 for <v6ops@ietf.org>; Tue, 16 Jun 2015 18:24:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=tTSAORWnQm8i4Q9qPl7ZQKwqcrnxPON5SuQNss3+OLE=; b=z6sg9ZWIRdZD5ZX3OVuTYgD7PY54RezR+vY3Q84Ab0FvZ/TjtE03BqDSe88RDpEDE5 xhzsfdj5nSwo8EsLVTyz4uzjxQpf2lTQxa38MYGW9Aa/j0DUohK5QTqNVyee9x99zdE/ ejkvF3NhtkgyAWM2dfwACarXcrmsR6/Pdo3c3gWHdLNRBFOmuxxkmk/JztYdsUHErdpw lNkDm/d5utEevz3Gxc+vPIlOFs+E9FmEm/WrqGoJhCIIWqebAhWjOfT9BtZowkZ2kyNu prZiHhhoBP8lNj35Movhmz1Vlb90MpmsqdC6IdgB+IpkmppfEzwJnjgs8AloZBXZrkoG zujw==
X-Received: by 10.68.202.7 with SMTP id ke7mr5735868pbc.114.1434504244660; Tue, 16 Jun 2015 18:24:04 -0700 (PDT)
Received: from ?IPv6:2406:e007:516f:1:28cc:dc4c:9703:6781? ([2406:e007:516f:1:28cc:dc4c:9703:6781]) by mx.google.com with ESMTPSA id mp3sm2666919pbc.8.2015.06.16.18.24.00 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 16 Jun 2015 18:24:03 -0700 (PDT)
Message-ID: <5580CC33.2080503@gmail.com>
Date: Wed, 17 Jun 2015 13:24:03 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Jen Linkova <furry13@gmail.com>, Enno Rey <erey@ernw.de>
References: <20150515105406.GA3028@ernw.de> <87siav2m6p.fsf@stepladder-it.com> <F1D4404E5E6C614EB9D3083F4D15A7E7C4A92C@hex02> <D17F4C51.4ABB0%evyncke@cisco.com> <20150611165858.GT39827@ernw.de> <CAFU7BAR7m0sZsU9Rc=fUao32zaRE1=9XMBWjiL0AukehdpVpWQ@mail.gmail.com>
In-Reply-To: <CAFU7BAR7m0sZsU9Rc=fUao32zaRE1=9XMBWjiL0AukehdpVpWQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/WEv1g-cLh5GIYE3htw1q2Tg-Qdo>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "ipv6-wg@ripe.net IPv6" <ipv6-wg@ripe.net>
Subject: Re: [v6ops] Extension Headers / Impact on Security Devices
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2015 01:24:07 -0000
On 17/06/2015 07:02, Jen Linkova wrote: ... > (shameless plug) a group of enthusiasts have just submitted a new > version of document which discusses exactly this problem: > > https://tools.ietf.org/html/draft-wkumari-long-headers-03 > > Comments are appreciated... In REQ-2 on HbH headers, you say: > The forwarder MUST > process each option as specified in Section 4.2 of [RFC2460]. That aspect of RFC 2460 was fundamentally changed by RFC 7045. And of course this is the issue addressed by draft-baker-6man-hbh-header-handling. Personally I still think RFC 7045 is the most realistic on this point, but Fred would like things to get better ;-). I'm sure other things in the long-headers draft need revising as a result of RFC 7045, since its whole topic is the handling of extension headers ("This document updates RFC 2460 to clarify how intermediate nodes should deal with such extension headers and with any that are defined in the future.") Y'all also need to take account of RFC 7112, which forbids fragmented header chains. Brian
- [v6ops] Extension Headers / Impact on Security De… Enno Rey
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Mark ZZZ Smith
- Re: [v6ops] Extension Headers / Impact on Securit… Gert Doering
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Silvia Hagen
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Ole Troan
- Re: [v6ops] Extension Headers / Impact on Securit… sthaug
- Re: [v6ops] Extension Headers / Impact on Securit… Nick Hilliard
- Re: [v6ops] Extension Headers / Impact on Securit… Fernando Gont
- Re: [v6ops] Extension Headers / Impact on Securit… Ted Lemon
- Re: [v6ops] Extension Headers / Impact on Securit… Gert Doering
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] Extension Headers / Impact on Securit… Ted Lemon
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] Extension Headers / Impact on Securit… Sander Steffann
- Re: [v6ops] Extension Headers / Impact on Securit… Mark ZZZ Smith
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Tim Chown
- Re: [v6ops] Extension Headers / Impact on Securit… Eric Vyncke (evyncke)
- Re: [v6ops] Extension Headers / Impact on Securit… Silvia Hagen
- Re: [v6ops] Extension Headers / Impact on Securit… Nick Hilliard
- Re: [v6ops] Extension Headers / Impact on Securit… Mark ZZZ Smith
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] Extension Headers / Impact on Securit… Gert Doering
- Re: [v6ops] Extension Headers / Impact on Securit… Ray Hunter
- Re: [v6ops] Extension Headers / Impact on Securit… Tim Chown
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] Extension Headers / Impact on Securit… Eric Vyncke (evyncke)
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] Extension Headers / Impact on Securit… Stefano Previdi (sprevidi)
- Re: [v6ops] Extension Headers / Impact on Securit… Stefano Previdi (sprevidi)
- Re: [v6ops] Extension Headers / Impact on Securit… Howard, Lee
- Re: [v6ops] Extension Headers / Impact on Securit… Fred Baker (fred)
- Re: [v6ops] Extension Headers / Impact on Securit… Fred Baker (fred)
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] Extension Headers / Impact on Securit… Enno Rey
- Re: [v6ops] Extension Headers / Impact on Securit… Eric Vyncke (evyncke)
- Re: [v6ops] Extension Headers / Impact on Securit… Ca By
- Re: [v6ops] Extension Headers / Impact on Securit… Mark ZZZ Smith
- Re: [v6ops] Extension Headers / Impact on Securit… Ca By
- Re: [v6ops] Extension Headers / Impact on Securit… Jen Linkova
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- Re: [v6ops] Extension Headers / Impact on Securit… Fred Baker (fred)
- Re: [v6ops] Extension Headers / Impact on Securit… Ca By
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Fred Baker (fred)
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Jen Linkova
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … sthaug
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Nick Hilliard
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Jen Linkova
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Jen Linkova
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … sthaug
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Jen Linkova
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
- Re: [v6ops] Extension Headers / Impact on Securit… Ca By
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Fred Baker (fred)
- Re: [v6ops] Extension Headers / Impact on Securit… Jen Linkova
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian Haberman
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
- Re: [v6ops] Extension Headers / Impact on Securit… Fred Baker (fred)
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Tore Anderson
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian Haberman
- Re: [v6ops] Extension Headers / Impact on Securit… Joe Touch
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Tore Anderson
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … sthaug
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian E Carpenter
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Warren Kumari
- Re: [v6ops] Extension Headers / Impact on Securit… Brian E Carpenter
- [v6ops] So what is or are the problem or problems… Mark ZZZ Smith
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … sthaug
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian Haberman
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Gert Doering
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Joe Touch
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Ole Troan
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … sthaug
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Ole Troan
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Enno Rey
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Mark ZZZ Smith
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian E Carpenter
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Warren Kumari
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Ronald Bonica
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Mark ZZZ Smith
- Re: [v6ops] Extension Headers / Impact on Securit… Fernando Gont
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Fernando Gont
- Re: [v6ops] [ipv6-wg] Extension Headers / Impact … Brian Haberman