Re: [v6ops] IPv6 EHs in the Real World (Fwd: New Version Notification for draft-gont-v6ops-ipv6-ehs-in-real-world-02.txt)
joel jaeggli <joelja@bogus.com> Thu, 26 March 2015 22:52 UTC
Return-Path: <joelja@bogus.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C08241A049A for <v6ops@ietfa.amsl.com>; Thu, 26 Mar 2015 15:52:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lh2Qs8bBwX6Z for <v6ops@ietfa.amsl.com>; Thu, 26 Mar 2015 15:52:49 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C650D1A19E3 for <v6ops@ietf.org>; Thu, 26 Mar 2015 15:52:49 -0700 (PDT)
Received: from dhcp-b52a.meeting.ietf.org (dhcp-b52a.meeting.ietf.org [31.133.181.42]) (authenticated bits=0) by nagasaki.bogus.com (8.14.9/8.14.9) with ESMTP id t2QMqcuU011637 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 26 Mar 2015 22:52:40 GMT (envelope-from joelja@bogus.com)
To: Merike Kaeo <kaeo@merike.com>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>
references: <8D33A146-8721-4C43-8453-0385ED901D79@nominum.com> <5506E21D.80000@bogus.com> <8659A9C4-129C-4DA2-9265-B06D4AA4E262@nominum.com> <20150316.181923.74694044.sthaug@nethelp.no> <alpine.DEB.2.02.1503171452090.20507@uplift.swm.pp.se> <DDC70DDD-58A8-4B94-8F6B-E0FC339BB916@merike.com> <D13982C9.40CCA%evyncke@cisco.com> <52C91C37-7214-4EFD-A0DD-F0842CB45D2E@merike.com>
From: joel jaeggli <joelja@bogus.com>
message-id: <55148DB6.9000204@bogus.com>
Date: Thu, 26 Mar 2015 17:52:38 -0500
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Thunderbird/37.0
mime-version: 1.0
in-reply-to: <52C91C37-7214-4EFD-A0DD-F0842CB45D2E@merike.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="nvaIhHqiSmJSmm6E2Cl7rQQhx8RPqGvcI"
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/eKRlzaQg5u6-m7YVhPzEAeN2vEQ>
Cc: "silvia.hagen@sunny.ch" <silvia.hagen@sunny.ch>, "fgont@si6networks.com" <fgont@si6networks.com>, "v6ops@ietf.org" <v6ops@ietf.org>, "fernando@gont.com.ar" <fernando@gont.com.ar>
Subject: Re: [v6ops] IPv6 EHs in the Real World (Fwd: New Version Notification for draft-gont-v6ops-ipv6-ehs-in-real-world-02.txt)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2015 22:52:51 -0000
On 3/26/15 9:47 AM, Merike Kaeo wrote: > Sounds good. > > Warren/Joel…I think resurrecting work on Why Operators Filter Fragments (https://tools.ietf.org/html/draft-taylor-v6ops-fragdrop-02) may be a good idea :) it might be time, though I expect it won't be super warmly received either. > - merike > > [list may get duplicate of this message since first attempt was blocked due to using email I didn't use to subscribe to list…..apologies in advance] > > On Mar 26, 2015, at 7:37 AM, "Eric Vyncke (evyncke)" <evyncke@cisco.com> wrote: > >> Merike and Fernando, >> >> As I wrote a couple of comments on the methodology, I do not mind joining >> your test campaign ;-) >> >> Let's talk perhaps here in Dallas? >> >> -éric >> >> On 17/03/15 15:10, "Merike Kaeo" <kaeo@merike.com> wrote: >> >>> >>> On Mar 17, 2015, at 6:52 AM, Mikael Abrahamsson <swmike@swm.pp.se> wrote: >>> >>>> On Mon, 16 Mar 2015, sthaug@nethelp.no wrote: >>>> >>>>>>> Lets live in the real world shall we? >>>>>>> >>>>>>> http://customer.comcast.com/help-and-support/internet/email-port-25-no >>>>>>> -longer-supported/ >>>>>> >>>>>> Ah, so the reason that an ISP would enforce ACLs is because of a >>>>>> protocol with a lousy security model that is only fixable (and even >>>>>> then, not very) with the help of firewalls. Fair enough--I had >>>>>> developed a blind spot about this issue because it's been broken for >>>>>> so long and we've been reflexively avoiding the brokenness for so long. >>>>>> >>>>>> But essentially what's happening here is that we are seeing a design >>>>>> flaw at layer 7 forcing brokenness at layer 3. Oops. Maybe we >>>>>> should stop reflexively working around this problem and seriously >>>>>> figure out how fix it, so that twenty years from now we no longer need >>>>>> a broken layer 3. >>>>> >>>>> I'm all for that. However, I cannot afford to wait 20 years for a fix >>>>> to the problems. My priorities, as I see them: >>>>> >>>>> 1. Protect my network. >>>>> 2. Within reason, protect my customers. >>>>> 3. Move traffic to and from my customers, in a semi-optimal way. >>>> >>>> Please also add 4. "Protect the Internet from your customers". This is >>>> something too many miss. >>> >>> I for one am really glad that we are getting operational reality input. >>> Thank you. FWIW, I'm sitting next to Fernando at a security conference >>> we are both at >>> and I had offered to help with this draft. This was a few months ago. >>> What I see is that we are in need of some additional measurements and that >>> will happen. I would love to see some added input on this list in how to >>> improve measurements rather than the criticism of just how current >>> measurements >>> have been done. Collectively gathering operational realities is a good >>> thing for added input on how to deal with EHs. And FWIW, I am not in >>> favor of >>> deprecating EHs since that is too drastic but we as a community have to >>> understand where they are practically used and where they are dropped for >>> reasons that some deem as necessary. >>> >>> - merike >>> >>> >>> _______________________________________________ >>> v6ops mailing list >>> v6ops@ietf.org >>> https://www.ietf.org/mailman/listinfo/v6ops >> > > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops >
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Eric Vyncke (evyncke)
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Fernando Gont
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … joel jaeggli
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ole Troan
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ole Troan
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … George Michaelson
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … sthaug
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ole Troan
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Eric Vyncke (evyncke)
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ole Troan
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ole Troan
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Fernando Gont
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ted Lemon
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … joel jaeggli
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … joel jaeggli
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Nick Hilliard
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ole Troan
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … joel jaeggli
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ole Troan
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … joel jaeggli
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Nick Hilliard
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ted Lemon
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … sthaug
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Warren Kumari
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … joel jaeggli
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ted Lemon
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Brian E Carpenter
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Mikael Abrahamsson
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Merike Kaeo
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Eric Vyncke (evyncke)
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Merike Kaeo
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Jen Linkova
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Merike Kaeo
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … joel jaeggli
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Nick Hilliard
- Re: [v6ops] why IPv6 EHs in the Real World Alexandru Petrescu
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Metzler, Dan J
- Re: [v6ops] why IPv6 EHs in the Real World Eric Vyncke (evyncke)
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Eric Vyncke (evyncke)
- Re: [v6ops] why IPv6 EHs in the Real World Fred Baker (fred)
- Re: [v6ops] why IPv6 EHs in the Real World George Michaelson
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Merike Kaeo
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … joel jaeggli
- Re: [v6ops] why IPv6 EHs in the Real World Brian E Carpenter
- Re: [v6ops] why IPv6 EHs in the Real World Joe Touch
- Re: [v6ops] why IPv6 EHs in the Real World Alexandru Petrescu
- Re: [v6ops] why IPv6 EHs in the Real World Gert Doering
- Re: [v6ops] why IPv6 EHs in the Real World Gert Doering
- Re: [v6ops] why IPv6 EHs in the Real World Alexandru Petrescu
- Re: [v6ops] why IPv6 EHs in the Real World Nick Hilliard
- Re: [v6ops] why IPv6 EHs in the Real World Brian E Carpenter
- Re: [v6ops] why IPv6 EHs in the Real World Brian E Carpenter
- Re: [v6ops] why IPv6 EHs in the Real World Nick Hilliard
- Re: [v6ops] why IPv6 EHs in the Real World Brian E Carpenter
- [v6ops] IPv6 EHs in the Real World (Fwd: New Vers… Fernando Gont
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Nick Hilliard
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ole Troan
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Nick Hilliard
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Tim Chown
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ole Troan
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Nick Hilliard
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Brian E Carpenter
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ole Troan
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Nick Hilliard
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Ole Troan
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Brian E Carpenter
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Nick Hilliard
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Fernando Gont
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Fernando Gont
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Fernando Gont
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Fernando Gont
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Fernando Gont
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Fernando Gont
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Nick Hilliard
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Tim Chown
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Fernando Gont
- Re: [v6ops] IPv6 EHs in the Real World (Fwd: New … Brian E Carpenter
- Re: [v6ops] why IPv6 EHs in the Real World Alexandru Petrescu
- Re: [v6ops] why IPv6 EHs in the Real World C. M. Heard
- Re: [v6ops] why IPv6 EHs in the Real World Alexandru Petrescu