
Re: (IPng 5759) Re: [Karen Seo: Thomas Narten -- clarification, etc.]



   Date: Mon, 04 May 1998 12:09:44 -0400
   From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>

   However, the fact that the host implementation is in two pieces allows
   for the possibility that the "real host" can generate extension
   headers which the "bump" doesn't know about.  Actually, given modular
   software components, the same thing can happen within a single host
   implementation.  

   From an engineering point of view, I think there should clearly be a
   specified behavior in the presence of unknown extension headers.

The question is what a BITW (Bump In The Wire) implementation will do
when it tries to apply AH.  RFC 1883 specifies a recommended IPv6
extension header order:

           IPv6 header
           Hop-by-Hop Options header
           Destination Options header (note 1)
           Routing header
           Fragment header
           Authentication header (note 2)
           Encapsulating Security Payload header (note 2)
           Destination Options header (note 3)
           upper-layer header

So, presumably a BITW implementation will need to paw through the
extension headers looking for the right place to insert the AH header.
Question --- what should it do if it finds an extension header that it
doesn't know about?  I suppose it could add the AH header before the
unknown extension header, but it's not clear that will always be the
right thing. 

In fact, I'm not sure that a BITW implementation is a good idea for
IPv6, given my quick exposure to it.  If the IPNG working group wants to
preserve flexibility about adding new extension headers, some before the
Authentication Header (so that intervening network-layer devices can
more easily look at them, or <shudder> modify them), and some after the
Authentication Header, it's not at all clear how to make this work with
a BITW implementation that doesn't know where to insert the
authentication header.  (And while we've been using the AH in this
discussion, the same concerns apply for ESP as well.  The question is at
what point in the extension headers do you apply the security protocol
when doing a BITW implementation.)

					- Ted
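
The header walk discussed above, as an added example that is not part of the original message: it follows the RFC 1883 order quoted in the mail to find where AH would be spliced in, and refuses to guess when it meets a Next Header value it cannot classify. The function names, the fail-closed policy, the rule used to tell the two Destination Options positions apart, and the sample packets are assumptions of this example.

```python
import struct

# Next Header values (IANA protocol numbers)
HBH, ROUTING, FRAGMENT, ESP, AH, DSTOPTS = 0, 43, 44, 50, 51, 60
EXT = {HBH, ROUTING, FRAGMENT, DSTOPTS}   # extension headers this walker can skip
UPPER = {6, 17, 58, 59}                   # TCP, UDP, ICMPv6, No Next Header


class UnknownHeader(Exception):
    """Next Header value the walker can neither classify nor skip."""


def ext_len(nh, pkt, off):
    """Length in octets of the extension header of type nh at pkt[off:]."""
    if nh == FRAGMENT:
        return 8                          # Fragment header is fixed size
    return (pkt[off + 1] + 1) * 8         # Hdr Ext Len: 8-octet units past the first 8


def ah_insert_offset(pkt):
    """Return (offset, next_header) of the point where AH would be inserted."""
    nh, off = pkt[6], 40                  # Next Header field, end of fixed header
    while True:
        if nh in (AH, ESP) or nh in UPPER:
            return off, nh                # AH goes here (nh == AH: already present)
        if nh not in EXT:
            # Assumed policy: fail closed, since the value may be a new
            # extension header that belongs before or after AH.
            raise UnknownHeader(f"next header {nh} at offset {off}")
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        if nh == DSTOPTS and pkt[off] != ROUTING:
            # Assumption: only a Destination Options header followed by a
            # Routing header is the "note 1" one that precedes AH.
            return off, nh
        end = off + ext_len(nh, pkt, off)
        if end > len(pkt):
            raise ValueError("extension header runs past end of packet")
        nh, off = pkt[off], end


def sample(types):
    """Constructed packet: one 8-octet header per types[:-1], then types[-1]."""
    body = b"".join(bytes([nxt, 0]) + bytes(6) for nxt in types[1:])
    hdr = struct.pack("!IHBB", 6 << 28, len(body), types[0], 64) + bytes(32)
    return hdr + body
```
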


