IETF Logo Mail Archive

Re: [v6ops] new draft: draft-taylor-v6ops-fragdrop

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 01 November 2012 15:06 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8409421F8DD6 for <v6ops@ietfa.amsl.com>; Thu, 1 Nov 2012 08:06:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.496
X-Spam-Level:
X-Spam-Status: No, score=-101.496 tagged_above=-999 required=5 tests=[AWL=-0.105, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_ILLEGAL_IP=1.908, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UFP1LmgQ3bSq for <v6ops@ietfa.amsl.com>; Thu, 1 Nov 2012 08:06:44 -0700 (PDT)
Received: from mail-wg0-f44.google.com (mail-wg0-f44.google.com [74.125.82.44]) by ietfa.amsl.com (Postfix) with ESMTP id D59B621F8DBE for <v6ops@ietf.org>; Thu, 1 Nov 2012 08:06:43 -0700 (PDT)
Received: by mail-wg0-f44.google.com with SMTP id dr13so1240600wgb.13 for <v6ops@ietf.org>; Thu, 01 Nov 2012 08:06:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=ZOdRANw2ewV7YQ/GY+E/3hRW3ri2JgXjxQZ/XaQfafo=; b=tasqHTJl28okcrqt7KQDe55kYrJfeXPHPK0gfsUdIbmk6eyB+00/oKizAELm3u66qv wx/lvj+WhLhUl4vTRMLvQwL0PZ0yR+PfLXI5DPKziP8aq2V768f2zgtjWL150yAKOOVB eoPEsvdNtYDxa0zBF5UEEfzYtKB8Q2kqAdUqLZu3ZTv0z5a1e59JyEhoST/Go+DFnhLs 4zeRIqBMLw6iMlvhwCBS+4fW2VGmC4IsLWuplYG+1+Gi/s9RvV7hEQafLLWC4BwZgLNQ 9AAQNmeVh4aHedqwgfzSG1FMZT6Ev9xNztOKWO3VCSA6WQ1xSM0mnfHsk7Kx0WmWk5NS gLRA==
Received: by 10.216.139.137 with SMTP id c9mr19530182wej.54.1351782403017; Thu, 01 Nov 2012 08:06:43 -0700 (PDT)
Received: from [192.168.1.65] (host-2-102-216-140.as13285.net. [2.102.216.140]) by mx.google.com with ESMTPS id k20sm22321775wiv.11.2012.11.01.08.06.40 (version=SSLv3 cipher=OTHER); Thu, 01 Nov 2012 08:06:41 -0700 (PDT)
Message-ID: <5092900C.3090708@gmail.com>
Date: Thu, 01 Nov 2012 15:06:52 +0000
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Ole Trøan <otroan@employees.org>
References: <CAKD1Yr13cNspdWvTaXxHt4R_8UB-CKeA4nq8_XWrkbFGCgW7Gg@mail.gmail.com> <5090DECF.3050100@gmail.com> <CAKD1Yr1dUy-f78A2+kfA7NjpzD0WQRT8iwqGYAm5A=Erodpn-A@mail.gmail.com> <20121031.122110.41655699.sthaug@nethelp.no> <50910E41.2030100@gmail.com> <CAKD1Yr0mTTcVeq+Qf0fLv3UCBP_90QmStkK3Ha4tDdm3FxJjVA@mail.gmail.com> <50915F86.7050304@gmail.com> <509165B8.404@si6networks.com> <509169C2.9040208@isi.edu> <50916F21.6030303@si6networks.com> <509174F1.8080809@isi.edu> <50924264.7040300@gmail.com> <76E349F3-6022-4042-9B44-57507593B8DE@employees.org>
In-Reply-To: <76E349F3-6022-4042-9B44-57507593B8DE@employees.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: Fernando Gont <fgont@si6networks.com>, v6ops@ietf.org
Subject: Re: [v6ops] new draft: draft-taylor-v6ops-fragdrop
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Nov 2012 15:06:44 -0000

On 01/11/2012 11:16, Ole Trøan wrote:
>>>>> Yes, but the whole point of the IPv6 option architecture was to avoid
>>>>> the issues seen with IPv4 options.
>>>> The only thing in that IPv6 would avoid is requiring routers to parse
>>>> *all* options, just to find the ones that need to be processed by
>>>> routers.
>>> Yes.
>> No. The only extension header that *needs* to be parsed by intermediate
>> routers is the hop-by-hop options header, and that is the first one (if
>> present).
>>
>> (You can legitimately argue that the hbh header and the routing header
>> are effectively useless, but that doesn't break fundamental connectivity.)
>>
>> IPv6 routers should have nothing to do with fragmentation.
>>
>> The problem is due to middleboxes that break the IPv6 spec by inspecting
>> any part of the packet beyond the hop-by-hop header and discarding what
>> they don't understand.
> 
> 
> quite.
> what stops these boxes from filtering IPsec, TLS, or anything that isn't HTTP with a
> whitewashed URL?
> 
> I don't see how we can build protocols to accommodate middle boxes, and
> we have already done RFC3514.

We can't; it's an arms race, because however we try to hide the good stuff,
those boxes will eventually be "improved" to find it.

All we can do is understand and document the harm.

    Brian

v2.23.0 | Report a Bug | By Email