Re: [v6ops] Extension Headers / Impact on Security Devices

Joe Touch <touch@isi.edu> Wed, 17 June 2015 18:04 UTC

Return-Path: <touch@isi.edu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BCEF1B2C85 for <v6ops@ietfa.amsl.com>; Wed, 17 Jun 2015 11:04:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZqR6pPtY_zIL for <v6ops@ietfa.amsl.com>; Wed, 17 Jun 2015 11:04:06 -0700 (PDT)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B14F1A9061 for <v6ops@ietf.org>; Wed, 17 Jun 2015 11:04:06 -0700 (PDT)
Received: from [128.9.160.252] (pen.isi.edu [128.9.160.252]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id t5HI2HvT028582 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 17 Jun 2015 11:02:17 -0700 (PDT)
Message-ID: <5581B628.5030206@isi.edu>
Date: Wed, 17 Jun 2015 11:02:16 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Ca By <cb.list6@gmail.com>, "Fred Baker (fred)" <fred@cisco.com>
References: <20150515105406.GA3028@ernw.de> <87siav2m6p.fsf@stepladder-it.com> <F1D4404E5E6C614EB9D3083F4D15A7E7C4A92C@hex02> <D17F4C51.4ABB0%evyncke@cisco.com> <20150611165858.GT39827@ernw.de> <CAFU7BAR7m0sZsU9Rc=fUao32zaRE1=9XMBWjiL0AukehdpVpWQ@mail.gmail.com> <5580CC33.2080503@gmail.com> <8447882A-6B4B-4ABE-9BDF-5DA7AFE13AB1@cisco.com> <CAD6AjGSUPV_9EEQGCRHRpKe8Hejgx_CMPq6bEkCsK3v4qmgJgg@mail.gmail.com> <CAD6AjGSFEG1Gi_EDC+Qxd0bxx=rdFveRbVq20ODZE6B5rDwF_Q@mail.gmail.com>
In-Reply-To: <CAD6AjGSFEG1Gi_EDC+Qxd0bxx=rdFveRbVq20ODZE6B5rDwF_Q@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-MailScanner-ID: t5HI2HvT028582
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/bbq5IYnF3JPk468fJa79ee7lvVs>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Extension Headers / Impact on Security Devices
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2015 18:04:09 -0000


On 6/17/2015 8:11 AM, Ca By wrote:
> IPv6 is serious business now.  That means it needs to be the narrow
> waist of the internet that is small on services and large on stability
> and predictability.
> 
> Please
> review https://www.iab.org/wp-content/IAB-uploads/2011/03/hourglass-london-ietf.pdf
> 
> For the folks looking for extension header innovation, would you be
> willing to work on IP version X instead of IPv6?  Or perhaps you can use
> the Class E IPv4 space for your innovation?
> 
> Serious.  IPv6 is not a place for innovation at the Network / Internet
> layer. ...

Hmm.

The design of the IPv6 header chain system was intended to overcome
these sort of limitations of IPv4, e.g., to understand what to do with
unknown options, to separate HBH vs E2E, etc.

IPv6 *is* the innovation, and because of that - for over 15 years -
"you" (commercial vendors) told users how expensive it would be to
implement and it wasn't ready (because "you" were making higher margins
on IPv4 equipment).

Now that we really need it and thus "you" are making money off it, we
(the IETF innovators) are supposed to go away (i.e., use protocol
extensions that don't impact your profit margins because you don't
support them)?

IMO, IPv6 is an E-ticket ride*. If you want to make money off it, IMO
"you" need to expect to pay the price to keep up.

Joe

*https://en.wikipedia.org/wiki/E_ticket