Re: [v6ops] IPv6 Extension Headers in the Real World

Jen Linkova <furry@google.com> Wed, 01 October 2014 23:03 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/zse0U0zRngI9MdKz3W2KLymx7oY

On Thu, Oct 2, 2014 at 12:35 AM, Joe Touch <touch@isi.edu> wrote:
> There is no need for multiple documents on this topic. This information
> should be rolled into draft-gont-opsec-ipv6-eh-filtering-02

I agree that those two documents do overlap - especially in the section
of ipv6-ehs-in-real-world which discusses the security implication of
filtering (I believe it's a very good idea to add either such section
or a reference to this draft to opsec-ipv6-eh-filtering-02). I'm not
so sure if both documents should be merged as one is documenting the
operational experience and the current situation while another one is
providing some recommendations.

>
> On 9/29/2014 9:50 PM, Fernando Gont wrote:
>> Folks,
>>
>> Earlier in September we published a revision of our I-D "IPv6 Extension
>> Headers in the Real World"
>> (<https://tools.ietf.org/html/draft-gont-v6ops-ipv6-ehs-in-real-world>).
>>
>> At this point in time, we're interested in knowing whether our I-D is of
>> value for the IPv6 ops community, such that we can decide whether to
>> continue working/improving it. Additionally, if there's anything you
>> think we've missed in the document, we'd like to hear from you.
>>
>> Overall, our I-D is meant to provide a reality-check with respect to the
>> issues surrounding IPv6 Extension Headers and their use on the public
>> Internet. More specifically, its goals are:
>>
>> 1) Provide data regarding support of IPv6 EHs in the real world.
>>
>>     This is interesting data to refer people to (e.g., folks
>>     developing protocols) regarding the extent to which IPv6 EHs
>>     are usable on the public Internet (at least with web, mail, and
>>     name servers).
>>
>>
>> 2) Summarize the issues associated with IPv6 EHs (performance, security,
>> etc.)
>>
>>     This is of use for folks concerned with the issues surrounding
>>     IPv6 EHs, and covers practical issues.
>>
>>
>> 3) Summarize the implications of the aforementioned filtering.
>>
>>     For example, if you're designing a protocol that is meant to
>>     work on the public Internet, you may want to provide some fall-back
>>     mechanism that does not employ IPv6 EHs.
>>
>>     Yet another of the implications is the security issue that has
>>     been discussed on-list: if e.g. IPv6 fragments are dropped and you
>>     can be tricked into generating them, you may be subject to a DoS
>>     attack.
>>
>>
>> 4) Flag possible further work
>>
>>    Here we try to flag areas where further work may be needed,
>>    such as adding fall-back mechanisms to some existing protocols,
>>    or avoiding the use of IPv6 EHs where possible.
>>
>>
>> Thanks!
>>
>> Best regards,
>>



-- 
sincerely yours,
Jen Linkova a.k.a Furry
Network Engineer