Re: [v6ops] Extension Headers / Impact on Security Devices

"Fred Baker (fred)" <fred@cisco.com> Fri, 29 May 2015 19:39 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/injcveg3haE9J1AYBvbzvcIUfSM>

> On May 27, 2015, at 10:24 AM, Joe Touch <touch@isi.edu> wrote:
> 
> So I would think that they MUST NOT be added to IPv6 datagrams except by
> the source.

You might consider commenting in Spring, then. They are designed as something that would be added in, and potentially removed again in, the network. They are something the ultimate source and destination need never see.