Re: [v6ops] Extension Headers / Impact on Security Devices

"Fred Baker (fred)" <fred@cisco.com> Wed, 17 June 2015 04:45 UTC

From: "Fred Baker (fred)" <fred@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Wed, 17 Jun 2015 04:45:15 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/g59RPIR-2gg1sLxww3zxYDeQ0xY>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, "ipv6-wg@ripe.net IPv6" <ipv6-wg@ripe.net>

> On Jun 16, 2015, at 6:24 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
> Personally I still think RFC 7045 is the most realistic on this point,
> but Fred would like things to get better ;-).

And I haven't finished with Dennis Ferguson's comment.

Bottom line, if one accepts the present status quo as the state forever, then we should stop with RFC 7045, and (with Fernando) agree to deprecate all extension headers. I'd like to not do that, and the only way I see to not do that is to not accept the status quo.