Re: [v6ops] [ipv6-wg] Extension Headers / Impact on Security Devices

Ole Troan <otroan@employees.org> Fri, 19 June 2015 07:10 UTC

Return-Path: <otroan@employees.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 640451A6FF7 for <v6ops@ietfa.amsl.com>; Fri, 19 Jun 2015 00:10:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zKT5_NOUrkr6 for <v6ops@ietfa.amsl.com>; Fri, 19 Jun 2015 00:10:57 -0700 (PDT)
Received: from banjo.employees.org (banjo.employees.org [IPv6:2001:1868:205::19]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F8ED1A6FEC for <v6ops@ietf.org>; Fri, 19 Jun 2015 00:10:57 -0700 (PDT)
Received: from banjo.employees.org (localhost [127.0.0.1]) by banjo.employees.org (Postfix) with ESMTP id DA8F06312; Fri, 19 Jun 2015 00:10:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=employees.org; h=subject :mime-version:content-type:from:in-reply-to:date:cc:message-id :references:to; s=selector1; bh=LonU6z2PWShRvfckFHnOBIw5SfE=; b= IjwgiVXn28Fb6D4f6a8NRRmyV/ShoSfhHvhZJJghbPebNcI+ltQ+NMLyaQxpsKHN Q5xQ87X83ScvoBn4ab7nLVbERaviTbt9EZCTwDEMgqb69aUW7gIWnP0XexFFzZbi QsH0LAnfwWjH95kzkE/mZQQ+1zZWB5irW+m/0gdfxoY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=employees.org; h=subject :mime-version:content-type:from:in-reply-to:date:cc:message-id :references:to; q=dns; s=selector1; b=aeSNngaDQfTp7Lm3zVDp1fEIG3 /Y8q4yjTBV5IFBSqbpKlPMDREnhZOIDYA7y1QzoZ3tDaRuhxBn4SPd4fa92dJ7se zqfminZssfrbTYv9IKcgMcU+li/2JPCnN/uoRDEnwSW8CRm8hS8Shs0W6EX/az1P nGRYEPi1WvgXknr2s=
Received: from gomlefisk.localdomain (unknown [173.38.220.39]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: otroan) by banjo.employees.org (Postfix) with ESMTPSA id 97A676310; Fri, 19 Jun 2015 00:10:55 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by gomlefisk.localdomain (Postfix) with ESMTP id 07C2D4784459; Fri, 19 Jun 2015 09:10:56 +0200 (CEST)
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\))
Content-Type: multipart/signed; boundary="Apple-Mail=_0102038C-2312-45F0-8103-C7112A646CA3"; protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail 2.5
From: Ole Troan <otroan@employees.org>
In-Reply-To: <20150618220058.GP67883@Space.Net>
Date: Fri, 19 Jun 2015 09:10:55 +0200
Message-Id: <CE57FBE0-B6C0-423D-A7F6-4FFF20FD2C4A@employees.org>
References: <20150515105406.GA3028@ernw.de> <87siav2m6p.fsf@stepladder-it.com> <F1D4404E5E6C614EB9D3083F4D15A7E7C4A92C@hex02> <20150517191841.GA26929@ernw.de> <C07DF957-9A2D-4962-ABAA-DE61F5C5D533@cisco.com> <20150617081424.GA15514@ernw.de> <505DC30B-8ED1-4C75-A13B-FAC9D4E5348C@cisco.com> <20150618220058.GP67883@Space.Net>
To: Gert Doering <gert@space.net>
X-Mailer: Apple Mail (2.2102)
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/eZNTHRKOwRrajeF7S2HPvh1xSV0>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "ipv6-wg@ripe.net" <ipv6-wg@ripe.net>
Subject: Re: [v6ops] [ipv6-wg] Extension Headers / Impact on Security Devices
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2015 07:10:59 -0000

>> Tell me this. Would you be happier if the fragmentation rule said that the first fragment had to contain the entire IPv6 header, plus the transport layer header (for ACL support)? I think Fernando would support such a statement (I think I have "heard" him make such a statement).
> 
> It would certainly make *me* happier…

done.
RFC7112.

cheers,
Ole