Re: [v6ops] WG Doc? draft-gont-v6ops-ipv6-ehs-packet-drops

joel jaeggli <joelja@bogus.com> Thu, 17 March 2016 21:54 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57B0112D8CA for <v6ops@ietfa.amsl.com>; Thu, 17 Mar 2016 14:54:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qg0jRFdiIwEH for <v6ops@ietfa.amsl.com>; Thu, 17 Mar 2016 14:54:02 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6EF112D57F for <v6ops@ietf.org>; Thu, 17 Mar 2016 14:54:02 -0700 (PDT)
Received: from mb-2.local ([8.18.217.194]) (authenticated bits=0) by nagasaki.bogus.com (8.14.9/8.14.9) with ESMTP id u2HLrxPd030751 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 17 Mar 2016 21:54:00 GMT (envelope-from joelja@bogus.com)
To: otroan@employees.org
References: <A277BE71-BD70-4AFE-97DA-F224D7DBBCB8@cisco.com> <CALx6S353ognNHWnjbNSdW5hb_e6Hv3LqLa_r+e9yEW4F=cjH=A@mail.gmail.com> <56E6FC18.1060304@foobar.org> <CALx6S35pcSj_LLnDWJ68KwSYiHeu6FwrXTaR4N2xE6aY7MRO1A@mail.gmail.com> <CAHw9_iLbqEvsw0x4dDcA3Zy3SXKUROcQuy5nSynsL9Xi+xrZLg@mail.gmail.com> <566C93D0-62FF-4700-BC05-7F9AF12AF1BD@employees.org> <56E892B8.9030902@foobar.org> <394925FE-FAB1-4FFC-B1CF-4F64CC58F613@employees.org> <56E94275.20700@foobar.org> <3AE1DE20-D735-4262-A3FB-7C01F30BAFA2@employees.org> <56E96F74.7000206@foobar.org> <CALx6S37zP4UvCtBJsvnPN6OmDB0OQDMfRrJNy1XF0t4COStUjQ@mail.gmail.com> <56E98086.5040209@foobar.org> <EE17974D-EDA4-4732-B29E-B2B3BC36DB86@employees.org> <56E9A16B.4030605@si6networks.com> <A2634C00-EBF8-48DA-9604-790F5213F536@employees.org> <56EA93C0.1040904@si6networks.com> <34E270CB-AEB4-4034-99B8-1E6AB528CF67@employees.org> <d6967727-1fd6-1d43-0fbb-f665ed20e101@bogus.com> <3AE9BA3C-E7B6-4C0F-B6B4-5A737485123D@employees.org>
From: joel jaeggli <joelja@bogus.com>
Message-ID: <8e822f51-fc8c-8dc4-bb38-f089a6e7742a@bogus.com>
Date: Thu, 17 Mar 2016 14:53:58 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <3AE9BA3C-E7B6-4C0F-B6B4-5A737485123D@employees.org>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="fnUwKV8nnWuxrN8EgL3XdTSBWsgHadQ0U"
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/qfLWYz5IrCdmgxj1iXVF2_sq5Ik>
Cc: Fernando Gont <fgont@si6networks.com>, "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] WG Doc? draft-gont-v6ops-ipv6-ehs-packet-drops
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2016 21:54:04 -0000

On 3/17/16 2:09 PM, otroan@employees.org wrote:
> Joel,
> 
>>>> I get the impression that discussions on EHs are unpopular, because
>>>> people don't like to admit when there's a problem. But being an
>>>> engineering group, I think we better admit problems and do our best to
>>>> come up with solutions, than pretend there's no problem at all.
>>>
>>> the problems are well known, just that there aren't any solutions.
>>
>> I'm pretty sure that isn't an acceptable answer in the long run. If one
>> believes that we should be offering guidance to implementors and
>> operators such that filtering is either less a persistent violation of
>> expectations or ceases to be an issue in the long term. Simply pretending
>> that the issue doesn't exist is a pretty bad message to developers.
> 
> let me ask differently.
> 
> how is this "problem" any different from:
>  - "unknown" L4 header

Unknown is rather different than unfound if you're actually attempting
to parse the header chain. You still have a binary decision to make with
respect to forwarding or not.

>  - IPsec encryption
>  - L4 encryption (it's all port 443)
>  - tunnels

Because if you filter any of these three, that's generally the product of
a deliberate policy enforcement action rather than collateral damage
from another decision.

> Cheers,
> Ole
> 
>
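The distinction Joel draws between an "unknown" Next Header and an "unfound" upper-layer header is easier to see in code. What follows is an added example, not code from the thread, from the draft, or from any participant: it walks the IPv6 extension-header chain of constructed packets the way a forwarding device's parser would and reports why the walk stopped. The `lookahead` parameter (a stand-in for a hardware parser's inspection budget), the status names, and the sample packets are this example's own assumptions.

```python
"""
Added example: walk an IPv6 extension-header chain and classify the outcome.
Packets below are constructed inline (zero-filled L4 headers, 2001:db8::/32
placeholder addresses); they are not captured traffic.
"""
import struct

# IANA protocol numbers used as IPv6 Next Header values.
HOPOPT, ROUTING, FRAGMENT, ESP, AH, DSTOPTS = 0, 43, 44, 50, 51, 60
NO_NEXT_HEADER = 59
EXT_HEADERS = {HOPOPT, ROUTING, FRAGMENT, AH, DSTOPTS, 135, 139, 140}  # 135/139/140: MH, HIP, Shim6
UPPER_LAYER = {6: "tcp", 17: "udp", 58: "icmpv6", 132: "sctp"}
IPV6_HDR_LEN = 40


def walk_chain(pkt: bytes, lookahead: int = 128):
    """Follow the header chain from the fixed IPv6 header. Returns (status, detail).

      'upper_layer'  a recognised L4 header begins at detail['offset']
      'unknown'      the chain ended at a Next Header value that is neither a known
                     EH nor a known L4 protocol (detail['nh']): the parser saw the
                     whole chain and still cannot name the payload
      'not_found'    the parser never reached an L4 header: the chain runs past the
                     bytes it may inspect (`lookahead`, an assumed parse budget), the
                     packet is a non-first fragment, or the payload is ESP
    """
    if len(pkt) < IPV6_HDR_LEN or pkt[0] >> 4 != 6:
        return "not_found", {"reason": "not an ipv6 packet"}
    limit = min(len(pkt), lookahead)
    nh, off = pkt[6], IPV6_HDR_LEN
    while True:
        if nh in UPPER_LAYER:
            if off >= limit:
                return "not_found", {"reason": "l4 header beyond lookahead", "offset": off}
            return "upper_layer", {"proto": UPPER_LAYER[nh], "nh": nh, "offset": off}
        if nh == NO_NEXT_HEADER:
            return "not_found", {"reason": "no next header", "offset": off}
        if nh == ESP:
            # ESP keeps its Next Header inside the encrypted trailer; the walk ends here.
            return "not_found", {"reason": "esp payload", "offset": off}
        if nh not in EXT_HEADERS:
            return "unknown", {"nh": nh, "offset": off}
        # Every remaining EH starts with Next Header (1 octet) and a length octet.
        if off + 2 > limit:
            return "not_found", {"reason": "chain exceeds lookahead", "offset": off}
        next_nh, ln = pkt[off], pkt[off + 1]
        if nh == FRAGMENT:
            hdr_len = 8                  # fixed size; the length octet is reserved
        elif nh == AH:
            hdr_len = (ln + 2) * 4       # AH Payload Len: 32-bit words minus 2
        else:
            hdr_len = (ln + 1) * 8       # Hdr Ext Len: 8-octet units, first 8 excluded
        if off + hdr_len > limit:
            return "not_found", {"reason": "chain exceeds lookahead", "offset": off}
        if nh == FRAGMENT and struct.unpack_from("!H", pkt, off + 2)[0] >> 3 != 0:
            # Only fragment 0 carries the rest of the chain (RFC 7112 requires it there).
            return "not_found", {"reason": "non-first fragment", "offset": off}
        nh, off = next_nh, off + hdr_len


def ipv6(nh: int, payload: bytes) -> bytes:
    """Constructed fixed header; Payload Length covers EHs and L4 data."""
    src = bytes.fromhex("20010db8 00000000 00000000 00000001")
    dst = bytes.fromhex("20010db8 00000000 00000000 00000002")
    return struct.pack("!IHBB", 6 << 28, len(payload), nh, 64) + src + dst + payload


def opts_hdr(nh: int, units: int = 1) -> bytes:
    """Hop-by-Hop / Destination Options header of `units` 8-octet units, one PadN option."""
    body = units * 8 - 2                           # octets after Next Header and Hdr Ext Len
    return bytes([nh, units - 1, 1, body - 2]) + bytes(body - 2)


def frag_hdr(nh: int, frag_offset: int, more: bool, ident: int = 0x1234) -> bytes:
    """Fragment header; offset is in 8-octet units, M flag is the low bit."""
    return struct.pack("!BBHI", nh, 0, (frag_offset << 3) | int(more), ident)


TCP20, UDP8 = bytes(20), bytes(8)
SAMPLES = {
    "tcp": ipv6(6, TCP20),                                                # no EHs
    "hbh_dst_udp": ipv6(HOPOPT, opts_hdr(DSTOPTS) + opts_hdr(17) + UDP8),  # HBH -> DstOpts -> UDP
    "unknown_253": ipv6(DSTOPTS, opts_hdr(253) + bytes(8)),               # 253: RFC 3692 experimental value
    "long_chain": ipv6(DSTOPTS, opts_hdr(DSTOPTS) * 15 + opts_hdr(6) + TCP20),  # TCP at offset 168
    "first_frag": ipv6(FRAGMENT, frag_hdr(6, 0, True) + TCP20),           # fragment 0 carries the chain
    "later_frag": ipv6(FRAGMENT, frag_hdr(6, 1, False) + bytes(8)),       # tail of chain not present
    "esp": ipv6(ESP, bytes(16)),
}


def classify(samples=SAMPLES, lookahead: int = 128) -> dict:
    """Status per sample; the forward/drop decision is then a policy keyed on status."""
    return {name: walk_chain(pkt, lookahead)[0] for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12s} {walk_chain(pkt)}")
```

Run with the default 128-byte budget, `long_chain` comes back `not_found`; with `lookahead=512` the same packet yields `upper_layer` at offset 168. That is the collateral-damage case: nothing about the packet is unknown, the device simply stopped looking, and whatever forwarding policy is keyed on that status decides the packet's fate.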