Re: [v6ops] Extension Headers / Impact on Security Devices

Joe Touch <touch@isi.edu> Tue, 19 May 2015 18:59 UTC

On 5/18/2015 4:43 AM, sthaug@nethelp.no wrote:
>>> - it has not happened in the past 17 yrs (since publication of RFC2460) that compelling, Internet-scale use cases of extension headers have been brought up.
>>
>> this is clearly wrong. FH, AH, ESP are all widely deployed.
>> any form of tunnelling is essentially using the IP header as an extension header, including GRE.
> 
> AH is in RFC 2402 (1998).
> ESP is in RFC 2406 (1998).
> FH is in RFC 2460 (1998).
> 
> Do we have any examples of Internet-scale use cases where the extension
> header has been defined *after* RFC 2460?

The following are defined after 2460:

135   Mobility Header                        [RFC6275]
139   Host Identity Protocol                 [RFC7401]
140   Shim6 Protocol                         [RFC5533]
253   Use for experimentation and testing    [RFC3692][RFC4727]
254   Use for experimentation and testing    [RFC3692][RFC4727]

FWIW.

Joe
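As an added illustration (not part of Joe's message or the v6ops thread) of why this list matters for the "security devices" question in the subject: a filter that wants to reach the transport header has to walk the whole extension-header chain, and the post-RFC 2460 types above (135, 139, 140) use the generic Next Header / Hdr Ext Len layout, while AH, Fragment and ESP each need their own rule. Treating 253/254 as generic-format headers is an assumption here, and the sample packet is constructed.

```python
import struct

# Next Header values with the generic extension-header layout
# (Next Header, Hdr Ext Len in 8-octet units excluding the first 8):
# 0/43/60 from RFC 2460, plus the post-2460 registrations listed above.
# 253/254 (experimental) are assumed here to share that layout (RFC 4727).
GENERIC_EXT = {0: "Hop-by-Hop", 43: "Routing", 60: "Destination Options",
               135: "Mobility", 139: "HIP", 140: "Shim6",
               253: "Experimental", 254: "Experimental"}
FRAGMENT, ESP, AH = 44, 50, 51

def walk_ipv6_chain(pkt: bytes, max_headers: int = 8):
    """Return (chain, upper_proto): the extension headers seen and the final
    Next Header, or None when the chain cannot be followed (ESP, truncated
    packet, or too many headers), which a filter should treat as unknown."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, chain = pkt[6], 40, []
    for _ in range(max_headers):
        if nh in GENERIC_EXT or nh == AH:
            if off + 2 > len(pkt):
                return chain, None             # cannot even read the length
            if nh == AH:
                hdr_len = (pkt[off + 1] + 2) * 4   # AH length is in 32-bit words
                chain.append("AH")
            else:
                hdr_len = (pkt[off + 1] + 1) * 8
                chain.append(GENERIC_EXT[nh])
        elif nh == FRAGMENT:
            hdr_len = 8                        # Fragment header is fixed size
            chain.append("Fragment")
        elif nh == ESP:
            chain.append("ESP")
            return chain, None                 # payload is encrypted; stop here
        else:
            return chain, nh                   # reached the upper-layer protocol
        if off + hdr_len > len(pkt):
            return chain, None                 # header runs past end of packet
        nh, off = pkt[off], off + hdr_len
    return chain, None                         # chain too long to classify

def build_sample() -> bytes:
    """Constructed packet: IPv6 -> Mobility (135) -> Dest Opts (60) -> TCP (6)."""
    mh = bytes([60, 0, 0, 0, 0, 0, 0, 0])       # payload proto 60, header len 0
    dst = bytes([6, 0, 1, 4, 0, 0, 0, 0])       # next 6, len 0, one PadN option
    payload = mh + dst + bytes(20)              # 20 zero bytes stand in for TCP
    hdr = struct.pack("!IHBB", 0x60000000, len(payload), 135, 64) + bytes(32)
    return hdr + payload
```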