Implications of Oversized IPv6 Header Chains
draft-ietf-6man-oversized-header-chain-09
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2014-01-29
|
09 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2014-01-13
|
09 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2014-01-08
|
09 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2013-12-10
|
09 | Peter Yee | Request for Telechat review by GENART Completed: Ready with Issues. Reviewer: Peter Yee. |
2013-12-08
|
09 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2013-12-06
|
09 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2013-12-06
|
09 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2013-12-04
|
09 | Cindy Morgan | State changed to RFC Ed Queue from Approved-announcement sent |
2013-12-04
|
09 | (System) | RFC Editor state changed to EDIT |
2013-12-04
|
09 | (System) | Announcement was received by RFC Editor |
2013-12-03
|
09 | (System) | IANA Action state changed to In Progress |
2013-12-03
|
09 | Brian Haberman | Notification list changed to : 6man-chairs@tools.ietf.org, draft-ietf-6man-oversized-header-chain@tools.ietf.org |
2013-12-03
|
09 | Amy Vezza | State changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup |
2013-12-03
|
09 | Amy Vezza | IESG has approved the document |
2013-12-03
|
09 | Amy Vezza | Closed "Approve" ballot |
2013-12-03
|
09 | Brian Haberman | Changed consensus to Yes from Unknown |
2013-12-03
|
09 | Brian Haberman | Ballot writeup was changed |
2013-12-03
|
09 | Brian Haberman | Ballot approval text was generated |
2013-11-28
|
09 | Gunter Van de Velde | Closed request for Telechat review by OPSDIR with state 'No Response' |
2013-11-26
|
09 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2013-11-26
|
09 | Fernando Gont | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2013-11-26
|
09 | Fernando Gont | New version available: draft-ietf-6man-oversized-header-chain-09.txt |
2013-11-21
|
08 | Cindy Morgan | State changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation |
2013-11-21
|
08 | Benoît Claise | [Ballot comment] I trust the responsible AD to handle my DISCUSS 1. Please engage in the discussion for this one if you disagree. Abstract … [Ballot comment] I trust the responsible AD to handle my DISCUSS 1. Please engage in the discussion for this one if you disagree. Abstract In those scenarios in which the IPv6 header chain or options are unusually long and packets are fragmented, or scenarios in which the fragment size is very small, the first fragment of a packet may fail to include the entire IPv6 header chain. I was confused by or in "IPv6 header chain or options". The options are the hop-by-hop and destination header options, right? So these are part of the Extension Header, so the IPv6 Header Chain already, no? Proposal: OLD: IPv6 header chain or options NEW: IPv6 header chain (including options) Same remark for This document updates the set of IPv6 specifications to create an overall limit on the size of the combination of IPv6 options and IPv6 Extension Headers that is allowed in a single IPv6 packet. 2. OLD: This specification allows nodes that drop the aforementioned packets to signal such packet drops with ICMPv6 "Parameter Problem, IPv6 first-fragment has incomplete IPv6 header chain" (Type 4, Code TBD) error messages. NEW: This specification allows nodes or intermediate systems that drop the aforementioned packets to signal such packet drops with ICMPv6 "Parameter Problem, IPv6 first-fragment has incomplete IPv6 header chain" (Type 4, Code TBD) error messages. 3. In section 4, it would nice to add: "not an issue for statefull middleboxes" For this comment, take it or leave it |
2013-11-21
|
08 | Benoît Claise | [Ballot Position Update] Position for Benoit Claise has been changed to No Objection from Discuss |
2013-11-21
|
08 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded for Gonzalo Camarillo |
2013-11-21
|
08 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2013-11-20
|
08 | Ted Lemon | [Ballot Position Update] New position, Yes, has been recorded for Ted Lemon |
2013-11-20
|
08 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2013-11-20
|
08 | Sean Turner | [Ballot comment] This is non-blocking ... How often does this happen? I'm asking because I'm curious if there's now going to be huge surge in … [Ballot comment] This is non-blocking ... How often does this happen? I'm asking because I'm curious if there's now going to be huge surge in ICMP error messages indicating discards. Also, I guess I'd reword this: Whether a host or intermediate system originates this ICMP message, its format is identical. to The format for the ICMP message is the same regardles of whether a host or intermediate system originates it. |
2013-11-20
|
08 | Sean Turner | [Ballot Position Update] New position, No Objection, has been recorded for Sean Turner |
2013-11-20
|
08 | Stephen Farrell | [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell |
2013-11-20
|
08 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2013-11-19
|
08 | Richard Barnes | [Ballot Position Update] New position, No Objection, has been recorded for Richard Barnes |
2013-11-18
|
08 | Adrian Farrel | [Ballot Position Update] New position, Yes, has been recorded for Adrian Farrel |
2013-11-18
|
08 | Stewart Bryant | [Ballot comment] Whilst I think this is a useful document, I found the security section a little strange. The authors make it clear that they … [Ballot comment] Whilst I think this is a useful document, I found the security section a little strange. The authors make it clear that they reduce the security risk of the existing protocol. However normally a security section discusses any additional risk of deploying the technology compared to the base protocol, and it is not clear to me as a reader whether or not the author examined this aspect to the problem. |
2013-11-18
|
08 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant |
2013-11-17
|
08 | Benoît Claise | [Ballot discuss] DISCUSS: RFC 1981: IPv6 nodes SHOULD implement Path MTU Discovery in order to discover and take advantage of paths with … [Ballot discuss] DISCUSS: RFC 1981: IPv6 nodes SHOULD implement Path MTU Discovery in order to discover and take advantage of paths with PMTU greater than the IPv6 minimum link MTU [IPv6-SPEC]. draft-ietf-6man-oversized-header-chain: Hosts MAY discover the Path MTU, using procedures such as those defined in [RFC1981] and [RFC4821]. So bug, or is the intend for this document to update RFC 1981? |
2013-11-17
|
08 | Benoît Claise | [Ballot comment] 1. Please engage in the discussion for this one if you disagree. Abstract In those scenarios in which the IPv6 header … [Ballot comment] 1. Please engage in the discussion for this one if you disagree. Abstract In those scenarios in which the IPv6 header chain or options are unusually long and packets are fragmented, or scenarios in which the fragment size is very small, the first fragment of a packet may fail to include the entire IPv6 header chain. I was confused by or in "IPv6 header chain or options". The options are the hop-by-hop and destination header options, right? So these are part of the Extension Header, so the IPv6 Header Chain already, no? Proposal: OLD: IPv6 header chain or options NEW: IPv6 header chain (including options) Same remark for This document updates the set of IPv6 specifications to create an overall limit on the size of the combination of IPv6 options and IPv6 Extension Headers that is allowed in a single IPv6 packet. 2. OLD: This specification allows nodes that drop the aforementioned packets to signal such packet drops with ICMPv6 "Parameter Problem, IPv6 first-fragment has incomplete IPv6 header chain" (Type 4, Code TBD) error messages. NEW: This specification allows nodes or intermediate systems that drop the aforementioned packets to signal such packet drops with ICMPv6 "Parameter Problem, IPv6 first-fragment has incomplete IPv6 header chain" (Type 4, Code TBD) error messages. 3. In section 4, it would nice to add: "not an issue for statefull middleboxes" For this comment, take it or leave it |
2013-11-17
|
08 | Benoît Claise | [Ballot Position Update] New position, Discuss, has been recorded for Benoit Claise |
2013-11-17
|
08 | Joel Jaeggli | [Ballot comment] observation that whatever tool generated this went over the top on page breaks to the point where it would be unreadable as formatted … [Ballot comment] observation that whatever tool generated this went over the top on page breaks to the point where it would be unreadable as formatted were it broken across pages. |
2013-11-17
|
08 | Joel Jaeggli | [Ballot Position Update] New position, Yes, has been recorded for Joel Jaeggli |
2013-11-15
|
08 | Barry Leiba | [Ballot comment] It's probably a good idea to put in an RFC Editor note that asks the RFC Editor to replace "TBD" in Sections 5, … [Ballot comment] It's probably a good idea to put in an RFC Editor note that asks the RFC Editor to replace "TBD" in Sections 5, 6, and 7 with the value assigned by IANA, to mae sure they get all three occurrences. |
2013-11-15
|
08 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2013-11-15
|
08 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Warren Kumari |
2013-11-15
|
08 | Gunter Van de Velde | Request for Telechat review by OPSDIR is assigned to Warren Kumari |
2013-11-14
|
08 | Jean Mahoney | Request for Telechat review by GENART is assigned to Peter Yee |
2013-11-14
|
08 | Jean Mahoney | Request for Telechat review by GENART is assigned to Peter Yee |
2013-11-08
|
08 | Brian Haberman | State changed to IESG Evaluation from Waiting for AD Go-Ahead |
2013-11-08
|
08 | Brian Haberman | State changed to Waiting for AD Go-Ahead from Waiting for Writeup::AD Followup |
2013-11-08
|
08 | Brian Haberman | Placed on agenda for telechat - 2013-11-21 |
2013-11-08
|
08 | Brian Haberman | Ballot has been issued |
2013-11-08
|
08 | Brian Haberman | [Ballot Position Update] New position, Yes, has been recorded for Brian Haberman |
2013-11-08
|
08 | Brian Haberman | Created "Approve" ballot |
2013-11-08
|
08 | Brian Haberman | Ballot writeup was changed |
2013-10-17
|
08 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Tobias Gondrom. |
2013-10-17
|
08 | Peter Yee | Request for Last Call review by GENART Completed: Ready with Issues. Reviewer: Peter Yee. |
2013-10-16
|
08 | Brian Haberman | State changed to Waiting for Writeup::AD Followup from Waiting for Writeup |
2013-10-16
|
08 | (System) | State changed to Waiting for Writeup from In Last Call (ends 2013-10-16) |
2013-10-09
|
08 | Amanda Baber | IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-6man-oversized-header-chain-08. Authors should review the comments and/or questions below. Please report any inaccuracies and respond to any questions as soon … IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-6man-oversized-header-chain-08. Authors should review the comments and/or questions below. Please report any inaccuracies and respond to any questions as soon as possible. IANA's reviewer has the following comments/questions: IANA understands that, upon approval of this document, there is a single action which IANA must complete. In the Type 4 - Parameter Problem subregistry of the ICMPv6 "Code" Fields registry in the Internet Control Message Protocol version 6 (ICMPv6) Parameters page at http://www.iana.org/assignments/icmpv6-parameters/ a single new entry will be added as follows: Code: [ TBD-at-registration ] Name: IPv6 first-fragment has incomplete IPv6 header chain IANA understands that this is the only action required upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. |
2013-10-09
|
08 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2013-10-03
|
08 | Jean Mahoney | Request for Last Call review by GENART is assigned to Peter Yee |
2013-10-03
|
08 | Jean Mahoney | Request for Last Call review by GENART is assigned to Peter Yee |
2013-10-03
|
08 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Tobias Gondrom |
2013-10-03
|
08 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Tobias Gondrom |
2013-10-02
|
08 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2013-10-02
|
08 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Implications of Oversized IPv6 Header … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Implications of Oversized IPv6 Header Chains) to Proposed Standard The IESG has received a request from the IPv6 Maintenance WG (6man) to consider the following document: - 'Implications of Oversized IPv6 Header Chains' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-10-16. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The IPv6 specification allows IPv6 header chains of an arbitrary size. The specification also allows options which can in turn extend each of the headers. In those scenarios in which the IPv6 header chain or options are unusually long and packets are fragmented, or scenarios in which the fragment size is very small, the first fragment of a packet may fail to include the entire IPv6 header chain. This document discusses the interoperability and security problems of such traffic, and updates RFC 2460 such that the first fragment of a packet is required to contain the entire IPv6 header chain. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-6man-oversized-header-chain/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-6man-oversized-header-chain/ballot/ No IPR declarations have been submitted directly on this I-D. |
2013-10-02
|
08 | Amy Vezza | State changed to In Last Call from Last Call Requested |
2013-10-02
|
08 | Brian Haberman | Last call was requested |
2013-10-02
|
08 | Brian Haberman | Last call announcement was generated |
2013-10-02
|
08 | Brian Haberman | Ballot approval text was generated |
2013-10-02
|
08 | Brian Haberman | Ballot writeup was generated |
2013-10-02
|
08 | Brian Haberman | State changed to Last Call Requested from AD Evaluation::AD Followup |
2013-10-02
|
08 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2013-10-02
|
08 | Fernando Gont | New version available: draft-ietf-6man-oversized-header-chain-08.txt |
2013-10-02
|
08 | Fernando Gont | New version available: draft-ietf-6man-oversized-header-chain-08.txt |
2013-10-01
|
07 | Brian Haberman | State changed to AD Evaluation::Revised I-D Needed from AD Evaluation |
2013-10-01
|
07 | Brian Haberman | All, I have completed my AD evaluation for draft-ietf-6man-oversized-header-chain. I found the document to be concise and well-written. Thank you. I … All, I have completed my AD evaluation for draft-ietf-6man-oversized-header-chain. I found the document to be concise and well-written. Thank you. I only have a few things I would like to see addressed prior to starting an IETF Last Call on this document. 1. The 2nd paragraph of Section 4 (Motivation) could be made more clear. For example, you could indicate if the example first fragment does or does not match the stateless firewall rule. It is inferred that the first fragment does not match the target TCP port since it was dropped, but I like to err on the explicit side. As an aside, wouldn't the subsequent fragments be dropped as well or does the IP destination match the forward rule? 2. I would like to get some clarification on the rule in section 5 that says "A host that receives a first-fragment that does not satisfy the above-stated requirement SHOULD discard that packet". Can you provide some justification for the SHOULD when you made it a MUST for a sending node to ensure the upper-layer header is in the first fragment? Are you assuming some flexibility to support compatibility with older stacks? If so, it would be good to have some guidance on what those stack vendors should do. 3. Why is sending an ICMP error message a MAY? 4. It would be better to be explicit that a host sending an ICMP error message is sending the same ICMP error specified for routers/middleboxes. 5. I would suggest adding a reference to 2460 for the 1280 minimum MTU value. Regards, Brian |
2013-10-01
|
07 | Brian Haberman | Notification list changed to : 6man-chairs@tools.ietf.org, draft-ietf-6man-oversized-header-chain@tools.ietf.org, ipv6@ietf.org |
2013-09-27
|
07 | Brian Haberman | State changed to AD Evaluation from Publication Requested |
2013-09-27
|
07 | Ole Trøan | State Change Notice email list changed to 6man-chairs@tools.ietf.org, draft-ietf-6man-oversized-header-chain@tools.ietf.org |
2013-09-27
|
07 | Ole Trøan | Responsible AD changed to Brian Haberman |
2013-09-27
|
07 | Ole Trøan | IETF WG state changed to Submitted to IESG for Publication |
2013-09-27
|
07 | Ole Trøan | IESG state changed to Publication Requested |
2013-09-27
|
07 | Ole Trøan | Working group state set to Submitted to IESG for Publication |
2013-09-27
|
07 | Ole Trøan | IESG state set to Publication Requested |
2013-09-27
|
07 | Ole Trøan | IESG process started in state Publication Requested |
2013-09-27
|
07 | Ole Trøan | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2013-09-27
|
07 | Ole Trøan | Intended Status changed to Proposed Standard from None |
2013-09-27
|
07 | Ole Trøan | Changed document writeup |
2013-09-27
|
07 | Ole Trøan | Document shepherd changed to Ole Troan |
2013-09-10
|
07 | Fernando Gont | New version available: draft-ietf-6man-oversized-header-chain-07.txt |
2013-09-03
|
06 | Fernando Gont | New version available: draft-ietf-6man-oversized-header-chain-06.txt |
2013-08-31
|
05 | Fernando Gont | New version available: draft-ietf-6man-oversized-header-chain-05.txt |
2013-08-13
|
04 | Fernando Gont | New version available: draft-ietf-6man-oversized-header-chain-04.txt |
2013-07-15
|
03 | Fernando Gont | New version available: draft-ietf-6man-oversized-header-chain-03.txt |
2013-02-20
|
02 | Ole Trøan | IETF state changed to In WG Last Call from WG Document |
2012-11-05
|
02 | Fernando Gont | New version available: draft-ietf-6man-oversized-header-chain-02.txt |
2012-07-16
|
01 | Fernando Gont | New version available: draft-ietf-6man-oversized-header-chain-01.txt |
2012-06-29
|
00 | Fernando Gont | New version available: draft-ietf-6man-oversized-header-chain-00.txt |