I'm increasingly baffled by the use case. If the host is
in a context where it can reach a server *and* has more than
one interface (such that a ZoneID is needed at all), it
shouldn't be using a link local address anyway - it
should have configured a global scope address (possibly
under a ULA prefix). Discussion of this use case surely
belongs in MIF or HOMENET.
Brian
On 29/05/2013 07:34, Ray Hunter wrote:
> Warning: post contains dumb questions.
>
> Michael Sweet wrote:
>> Christian,
>>
>> On 2013-05-24, at 1:45 PM, Christian Huitema <huit...@microsoft.com> wrote:
>>> Can we move from the process discussion to the technical discussion?
>>>
>>> Michael raised an interesting issue, and we have to analyze it. The
>>> consensus of the working group so far is that interface identifiers are
>>> private to the host, that any leakage outside the host should be prevented,
>>> and that a way to prevent that leakage is to ask proxies to erase them
>>> whenever they have an opportunity. Michael points that some servers take an
>>> opposite approach, want to record the interface from which the host called
>>> them, and want to ensure that further calls in the same session use exactly
>>> the same interface. That seems that a fairly legitimate debate, and I can
>>> see two alternatives -- one would be to reaffirm the old guidance and
>>> provides alternative to ensure session continuity, and the other would be
>>> to reverse the guidance and accept that the layer violation performed by
>>> servers is just fine.
>>
>> (the following is printer-centric, but the same applies to network video
>> cameras and other embedded network devices)
>>
>> Some background: HTTP and IPP services in printers include absolute URIs in
>> the content they return. For IPP this can be http/https URLs to the
>> printer's web page, ICC profiles, and other resources, along with the
>> ipp/ipps URIs that the printer supports. For HTTP the most common are https
>> URLs for "secure" areas of the printer's web interface. Because a printer
>> is often known by multiple names and addresses ("printer.local.",
>> "printer.example.com.", 192.168.0.100, fe80::1234, etc.), the implementation
>> guidance (and in IPP Everywhere, this is a conformance requirement) is that
>> the server use the HTTP Host header provided in the request in the
>> host/address field of its responses, subject to the usual security
>> considerations (SHOULD validate Host value, etc.) This allows the client to
>> use the name or address it can resolve/connect to and makes sure that the
>> printer-generated absolute URIs lead back to same printer.
>>
>> All of this falls apart with link-local addresses and RFC 6874. Because the
>> client is required to remove the zoneid from the outgoing request, the URIs
>> it gets back from the server are no longer "reachable".
> Trying to understand what's going on here and what the root problem is.
>
> I have some dumb questions:
>
> Is the zoneid in the URI the interface on the client or the server node?
>
> What does other party learn from this information, since zoneid is
> currently defined as being local to the node and has no significance
> outside the context of the node?
>
> If the other party learns nothing, and the originating node just needs
> to hear an echo of it's own information for it's own use, what's wrong
> with using a cookie (server originated), or a hidden variable (client
> originated), to transport this interface information along with the
> request/reply?
>
> What if both the server AND the client have multiple interfaces: how do
> they both know which local interface on their own node is mutually
> connected and to be used for communication? There's only one single
> zoneid in the URI, so presumably one of the nodes is lacking some
> information.
>
> Shouldn't both nodes be using ND to learn this information?
> If there's nothing in the cache, try all interfaces?
>
> regards,
> RayH
>
>> What I propose is that we change the wording to allow the zoneid in the Host
>> header but not in the Request-URI. HTTP proxies would be required to strip
>> any zoneid information in the Host header. HTTP servers would be required
>> to ignore any zoneid information for purposes of address validation but
>> include it for any absolute URIs to the server they generate.
>>
>> Thoughts?
>>
>> _________________________________________________________
>> Michael Sweet, Senior Printing System Engineer, PWG Chair
>>
>>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
