Re: [v6ops] IPv6 Extension Headers in the Real World
Jen Linkova <furry@google.com> Wed, 01 October 2014 23:03 UTC
Return-Path: <furry@google.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C19361A87EB for <v6ops@ietfa.amsl.com>; Wed, 1 Oct 2014 16:03:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.165
X-Spam-Level:
X-Spam-Status: No, score=-2.165 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CzJIeBN3eEgn for <v6ops@ietfa.amsl.com>; Wed, 1 Oct 2014 16:03:05 -0700 (PDT)
Received: from mail-qc0-x22d.google.com (mail-qc0-x22d.google.com [IPv6:2607:f8b0:400d:c01::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 071561A8821 for <v6ops@ietf.org>; Wed, 1 Oct 2014 16:03:04 -0700 (PDT)
Received: by mail-qc0-f173.google.com with SMTP id x13so1302591qcv.18 for <v6ops@ietf.org>; Wed, 01 Oct 2014 16:03:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=i0KOj4OQo5NgW7NFEjHG3seu4PStdFEQ5ezE0v1QT54=; b=dHsYiScZB6A2hdNuc2myGmDT0KbxmD9P6XwPaYss+J8Rkrqk+4Z7qfJv2F2j8wj8oL ljWUdd1vpdqHAu/1L303vfk1VzDmVZ+BLa7DNPp0iT3CTSDn1BD1WgQl+LqTMQyS9+pm GBkrrVxTKk3QejQ+ukf0t9hV8HaRgpGwY7DU8eP0b+bcqm3vNoXajEr+j9KfzBLYpx5i RAya/xdDE+hTWulUCJU+LaCedSW3SMo6HgNo/xSkRmtQEndQ+rE0lX1WPtMvbLMuVj7g GQ/A/4u/npr/BHJ/IY2eX+7kTQGKs9SbD8gFiQBcXDxOMJTM4sQZIARU06RASqFJ+2is 7hZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=i0KOj4OQo5NgW7NFEjHG3seu4PStdFEQ5ezE0v1QT54=; b=ItrQb1AgeX47Jxx3k8ZvIycPacHRhGra4J7MfL0h5lmfYTYdsYNUmnAvOCV1fpUwV9 GDFHdL1v2KZQtUyx6aB2ZqM3Vp0qqX4bZB2tg1p9jNVSSDETx+SIPsz8z+/89VQBCH/L mc7J5sKC5/mjW9s5gOXLpU91vXXfkgCZYFDkRgo/NKVkP/ynG/mSz3l7VIrJL+Y0DgV7 ZfPCP3nZukUaz0h9zfkpdE+OgQut4AlqMSTVJuwo/LCviNnt3XBFRpdczqiE+x9cXYWs vMEBk7n0Ayy+8NORwaNYV8X8nKrfrSoX4fehRrX4YpT5mERTT2Wc1Ul1am5wYnt/JrJq iztg==
X-Gm-Message-State: ALoCoQm12CNchocZlzO8RmyiH4kqpfKyAqPNVH6LJPzFjmrkYoHV6qX6If/LuXB5CscQRG8pL2vW
X-Received: by 10.140.48.1 with SMTP id n1mr29522183qga.104.1412204584237; Wed, 01 Oct 2014 16:03:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.234.71 with HTTP; Wed, 1 Oct 2014 16:02:43 -0700 (PDT)
In-Reply-To: <542C81B7.10601@isi.edu>
References: <542A36AC.9030203@gont.com.ar> <542C81B7.10601@isi.edu>
From: Jen Linkova <furry@google.com>
Date: Thu, 02 Oct 2014 01:02:43 +0200
Message-ID: <CABKWDgwGzd7L2Kp4N-gGi8q9=fhSm8oxT=2gYvjRBWLZZ1BpeA@mail.gmail.com>
To: Joe Touch <touch@isi.edu>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/zse0U0zRngI9MdKz3W2KLymx7oY
X-Mailman-Approved-At: Mon, 06 Oct 2014 08:30:02 -0700
Cc: "draft-gont-v6ops-ipv6-ehs-in-real-world@tools.ietf.org" <draft-gont-v6ops-ipv6-ehs-in-real-world@tools.ietf.org>, IPv6 Operations <v6ops@ietf.org>, V6ops Chairs <v6ops-chairs@tools.ietf.org>, Fernando Gont <fernando@gont.com.ar>
Subject: Re: [v6ops] IPv6 Extension Headers in the Real World
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Oct 2014 23:13:58 -0000
On Thu, Oct 2, 2014 at 12:35 AM, Joe Touch <touch@isi.edu> wrote: > There is no need for multiple documents on this topic. This information > should be rolled into draft-gont-opsec-ipv6-eh-filtering-02 I agree that those two documents d overlap - especially in the section of ipv6-ehs-in-real-world which discusses the security implication of filtering (I believe it's a very good idea to add either such section or a reference to this draft to opsec-ipv6-eh-filtering-02). I'm not so sure if both documents should be merged as one is documenting the operational experience and the current situation while another one is providing some recommendations. > > On 9/29/2014 9:50 PM, Fernando Gont wrote: >> Folks, >> >> Earlier in September we published a revision of our I-D "IPv6 Extension >> Headers in the Real World" >> (<https://tools.ietf.org/html/draft-gont-v6ops-ipv6-ehs-in-real-world>). >> >> At this point in time, we're interested in knowing whether our I-D is of >> value for the IPv6 ops community, such that we can decide whether to >> continue working/improving it. Additionally, if there's anything you >> think we've missed in the document, we'd like to hear from you. >> >> Overall, our I-D is meant to provide a reality-check with respect to the >> issues surrounding IPv6 Extension Headers and their use on the public >> Internet. More specifically, its goals are: >> >> 1) Provide data regarding support of IPv6 EHs in the real world. >> >> This is interesting data to refer people to (e.g., folks >> developing protocols) regarding the extent to which IPv6 EHs >> are usable on the public Internet (at least with web, mail, and >> name servers). >> >> >> 2) Summarize the issues associated with IPv6 EHs (performance, security, >> etc.) >> >> This is of use for folks concerned with the issues surrounding >> IPv6 EHs, and covers practical issues. >> >> >> 3) Summarizes the implications of the aforementioned filtering. >> >> For example, if you're designing a protocol that is meant to >> work on the public Internet, you may want to provide some fall-back >> mechanism that does not employ IPv6 EHs. >> >> Yet another of the implications is the security issue that has >> been discussed on-list: if e.g. IPv6 fragments are dropped and you >> can be tricked into generating them, you may be subject to a DoS >> attack. >> >> >> 4) Flag possible further work >> >> Here we try to flag areas where the further work may be needed, >> such as adding fall-back mechanisms to some existing protocols, >> or avoiding the use of IPv6 EHs where possible. >> >> >> Thanks! >> >> Best regards, >> -- sincerely yours, Jen Linkova a.k.a Furry Network Engineer Brandschenkestrasse 110, 8002 Zurich, Switzerland Company Identifikationsnummer: CH-020.4.028.116-1 This email can contain confidential information.If you received this email by mistake, do not pass it to third parties and delete all copies and enclosures, and let us know that it has been delivered to wrong address. Thank you.
- [v6ops] IPv6 Extension Headers in the Real World Fernando Gont
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Brian E Carpenter
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Warren Kumari
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Merike Kaeo
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Joe Touch
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Tim Chown
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Joe Touch
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Doug Barton
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Lorenzo Colitti
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Metzler, Dan J
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Tim Chown
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Joe Touch
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Fred Baker (fred)
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Metzler, Dan J
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Fernando Gont
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Joe Touch
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Fernando Gont
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Tim Chown
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Joe Touch
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Jen Linkova
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Joe Touch
- Re: [v6ops] IPv6 Extension Headers in the Real Wo… Fernando Gont