Re: [Add] Relaxed validation and delegated IPv6 prefixes (Was: New Version Notification for draft-schwartz-add-ddr-forwarders-00.txt)
"STARK, BARBARA H" <bs7652@att.com> Mon, 11 October 2021 12:39 UTC
Return-Path: <bs7652@att.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B1723A0654 for <add@ietfa.amsl.com>; Mon, 11 Oct 2021 05:39:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.799
X-Spam-Level:
X-Spam-Status: No, score=-1.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=att.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZSQrZcqkK5kh for <add@ietfa.amsl.com>; Mon, 11 Oct 2021 05:39:43 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D46C93A05A7 for <add@ietf.org>; Mon, 11 Oct 2021 05:39:42 -0700 (PDT)
Received: from pps.filterd (m0049458.ppops.net [127.0.0.1]) by m0049458.ppops.net-00191d01. (8.16.1.2/8.16.1.2) with SMTP id 19BCYdNg038035; Mon, 11 Oct 2021 08:39:40 -0400
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0049458.ppops.net-00191d01. with ESMTP id 3bmncwg4dm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 11 Oct 2021 08:39:40 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 19BCdcDQ008940; Mon, 11 Oct 2021 08:39:39 -0400
Received: from zlp30486.vci.att.com (zlp30486.vci.att.com [135.47.91.177]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 19BCdWXp008773 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 11 Oct 2021 08:39:33 -0400
Received: from zlp30486.vci.att.com (zlp30486.vci.att.com [127.0.0.1]) by zlp30486.vci.att.com (Service) with ESMTP id DB40E4005950; Mon, 11 Oct 2021 12:39:32 +0000 (GMT)
Received: from GAALPA1MSGED2CC.ITServices.sbc.com (unknown [135.50.89.134]) by zlp30486.vci.att.com (Service) with ESMTP id 8723A40058F1; Mon, 11 Oct 2021 12:39:32 +0000 (GMT)
Received: from GAALPA1MSGEX1BC.ITServices.sbc.com (135.50.89.104) by GAALPA1MSGED2CC.ITServices.sbc.com (135.50.89.134) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.14; Mon, 11 Oct 2021 08:39:32 -0400
Received: from GAALPA1MSGETA01.tmg.ad.att.com (144.160.249.126) by GAALPA1MSGEX1BC.ITServices.sbc.com (135.50.89.104) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.14 via Frontend Transport; Mon, 11 Oct 2021 08:39:32 -0400
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (104.47.56.42) by edgeal1.exch.att.com (144.160.249.126) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.14; Mon, 11 Oct 2021 08:39:22 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=G60qTK9QdnbpEbNt+Ae8DpPLFKnp8Q6mu+qq050x/40XAUeGRK677xzIPBsOvj1usfK1jow9qxVVZG0+rJHMdGMsTK5WKViBPjVY3UcHotcDurgLl2cvrBtTGnCce2N614lCN86am7gepgGX62M7WGZbkdCOOCaiogrja2Z2J3eqIAqU1X2RErTccYm2kK6o6Hf0Tmx4QAySuigf/jkCVbpUu9H44yr5MPIzS1yihooa1yx3BgaBqefy4rrEeSXq1cZaeBjfH0xltxf9VYmqtZAFqennKJxbJbA29YCqTchLWQcTrqnP3rimtduL/6aombaQQ43UVXjsBn49pYdIjQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EdJijmxCCzH0fQ3OV8khCGAPTgF8fQW9UNtppjqeB4k=; b=VEBAel2NDwfKszFwbEHCXOSjk5P+MoI7R7sAiL7VPJ4mQnhHbo7ly4/op9oFjDfxz9SJ7h279ydFENFhKN3cmH4PoaHtF2jfqIKjIsr17pamL4OBcgubhTrwNGoj19GcVd/z7u6zFrY9kx5RPX4PpvC8aTyzIwFKelc6MTkAyjfRhqmrQ31gcI2rLlODRS/xTZQ6D2EY/ThAbgyxxSzAeASKMC22aeGFT/04CqC5zD4jz6l3QAp9t35GKxk1u5hs0gooyfV6cG2XeA8suwuFZeOJUbXyBx/ib7cIKI8sDOIBpiy1OVWr/f7fmG6iAMPB2gSTH8WvRd+T//dQy6q0NA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=att.com; dmarc=pass action=none header.from=att.com; dkim=pass header.d=att.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.onmicrosoft.com; s=selector2-att-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EdJijmxCCzH0fQ3OV8khCGAPTgF8fQW9UNtppjqeB4k=; b=ib8ALvK1dN7IvSTKpomgDvYFAFuMtNu4cVySdtNe98jce/sMwm44IqKuBWAedzFL/AZmgP0RqUAQJ4d084Yn0IrTBeFh/VPL1SbNrEv6FADWCC6H3Hu+Ir5FUXPhgDQuh5k69rSOjmkLWtZb4brB4HZ4i1fzZYxUoBwp/U5OuOM=
Received: from DM6PR02MB6924.namprd02.prod.outlook.com (2603:10b6:5:25f::7) by DM6PR02MB6923.namprd02.prod.outlook.com (2603:10b6:5:25e::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.22; Mon, 11 Oct 2021 12:39:20 +0000
Received: from DM6PR02MB6924.namprd02.prod.outlook.com ([fe80::ddec:9436:4971:5d1e]) by DM6PR02MB6924.namprd02.prod.outlook.com ([fe80::ddec:9436:4971:5d1e%4]) with mapi id 15.20.4587.026; Mon, 11 Oct 2021 12:39:20 +0000
From: "STARK, BARBARA H" <bs7652@att.com>
To: 'tirumal reddy' <kondtir@gmail.com>, 'Ben Schwartz' <bemasc=40google.com@dmarc.ietf.org>
CC: 'ADD Mailing list' <add@ietf.org>
Thread-Topic: [Add] Relaxed validation and delegated IPv6 prefixes (Was: New Version Notification for draft-schwartz-add-ddr-forwarders-00.txt)
Thread-Index: Ade7rM3E3juJPHUES+yMnDFbR8J3zACl9lAAAAYa/IAAD3nWYA==
Date: Mon, 11 Oct 2021 12:39:20 +0000
Message-ID: <DM6PR02MB6924DACFB91ED5E957BACE17C3B59@DM6PR02MB6924.namprd02.prod.outlook.com>
References: <DM6PR02MB6924A3C8D43C001C78994B01C3B19@DM6PR02MB6924.namprd02.prod.outlook.com> <CAHbrMsBQBu8fTeeHtvO=YCn_Af-PzZvHmZK=ErXEAf6U44VZjw@mail.gmail.com> <CAFpG3geRj+FZmoKm-72fkvRp6VPiTtxGgR+ORWKA8x6t5M0vMw@mail.gmail.com>
In-Reply-To: <CAFpG3geRj+FZmoKm-72fkvRp6VPiTtxGgR+ORWKA8x6t5M0vMw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=att.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2a75ea53-56a6-4dcb-bc03-08d98cb425ba
x-ms-traffictypediagnostic: DM6PR02MB6923:
x-microsoft-antispam-prvs: <DM6PR02MB69236B2D3A8A5F8B64156CF1C3B59@DM6PR02MB6923.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: CUhM37/jNstM0cXyqqC4W4eCKBtIjUXy0q7hWI52g9n4up23sf7NDWK6jGBX1/m4vRhID1WnY4XQbX8pyG5SaUrPU55HjWEwWDfHI02yOIZgJ4Eut0KVhP2G6/bzsZnw6iexcZFw+J1y38UdIaJSttHbNQ/FmY9nMx9zeIbVSIO/jJysG5LRCB5/QmS8boa1jZwCf/ojgXZTRFVqGArgtTGHdvJfCAOGRqVK9fzyWPyhUxBmPLBlTCRh46KD/+8AaBS6ViyhXw9raeaUWDwgW4OwOG4+kVk3xJwxrPhjrtUSbBqQCyB4B0cHsqCy6VqVpfOBfLm8p4+VYaxdUrhmMweYDe4qdxJRyhIwIQw/SCB+U/KNzuTI9eDqpk1ta0087bEWBKvGjhQ4p0LVAdHrC6kX8oSJA414sXcOQX6/ogSSmFXidC5P9SrLfsTnKyieTPK3q/Z7IFkFEGJCeUa75oFGJ4K86bxudZsc+nj2PM+J3SNBW/1OSsJ5jdJ8ph1L1YM3PBYkpR58BM46hKdkLD5+BGDq/iy3fAS9dWABtFNrWEOatYol52zyTGdZT6ZQMcVyXnr5LDE0n/6yxM7PypVSKCOYxqnSvatUlcQ0XiTR7Be7JW/a4ymLfHh698tTyT78ocBU/qb5JGGqOCbMYkLC6lH22kzKsc722vIpoOs+oAgqHoaYIFj3UUjxXD2krZR3h5IBZbFps43n00VA0Va6yDDFRzRvStLVQsrRj8eMPqVa1SEKGvgOQ8OcqDfBtD9rbWXheF6TlI1ScpUkyZEBE/11+FNfTRoRqYTVhDS0TeuY1fCFX4RvMBzl2A57RsIYLRtO7lxz2VPEb3kHIQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR02MB6924.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(66446008)(64756008)(66556008)(66476007)(83380400001)(66574015)(76116006)(86362001)(166002)(66946007)(38070700005)(966005)(33656002)(2906002)(53546011)(6506007)(15650500001)(186003)(4326008)(8676002)(508600001)(9686003)(55016002)(5660300002)(8936002)(52536014)(7696005)(26005)(71200400001)(82202003)(316002)(110136005)(122000001)(38100700002)(579004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: G/gcKq8LaCGSnRZbeXXdHM+RiGhC43U71g2yoi0w8C1TDEyMSZrarkdqO3cAJFvtxv9koOKujnTIYImcEHjGC4jtYzWesPnvmWxIHjdQeZLicO9LolCyvcuj2BcXeYCgJf3RG26yXIzkQ1z9q2H9FAPd/COJkpP96mlG2bZKaZ6hm3kzMUvSxBPfLV/fnqfmniVXdfN8Yk5Lxn5ky4Bcl5SgHdNlPbXLhhhzUXH2JQu13OvA9MUOlHJWfbDl95RdThpO0LzO8ubTB9eSkPmU2QR+U1Ae0cg2oGHEPuhqQIDx2QAzbJYSZ7zbWmXO4FBOkxiOIZ6QB33QOfGTIIVvH+QEGXOorNnS4hmH9IuBHGgyBhRBD8ysJ02tj2ZXw5SsH3sEcVk2VD0O9Gs6yfDGoT7qFKqMg6dP/t5ZU2xQO+OFxAWJ8zCNb30SfD70DMr0ufqSSYtHpgjaYHC+thoUj8t8l/oiMEBw6e4iENupS/DJXkU9ltozC8mKCeBb0ThCYt3OUp5SQzpyazY8yxwU1Knd5ERPzctKTlFgY654JWa20MCbQcf4VJi8BhNuniMqyM4fqFg1o4h8t2ps2ytTuA7RjJXnHFejGHRWfgCNGFZIv5dYArlqEy5AfmR+ffw5iStFjEbTYR6z7SEgzQuNXYrRO8BMkPZ6vEeJmwdHt7Ebdlv8J1INHYWQS44acpnuPQoYRPVTx2gNdqk78lgPf2OhMlJY/8griAAEVvNnJ+tLV1NTaXWSMHaAZ0sZAy7bEa4vpZ1SNbNn33HiZv8tHekn3VcmHEDLsnBFJZlU4CCyAmyHRObKH9+LC1KZQ9oxbYYfEd9PJ+aHERO6B0ceHry6znY2cqLbd7n8lzQ7D+z52Y2pI46yTpfgkL9yINo6+X9+ZG6Oy8uS/GZxInJNDho53N6kPJfXVEl6TQxjmT75dPgTqBCaDkvcidgJIbVuXCkCK11tbeuIKmPvm5iGZlKcRnnXuKPQjoIjHrdTn5LfziIRAyDYT3kSOmQrLyuHmPj+5dRN3yopBS3aZF4Bt2+4oN9aanoEjuFUTlsBdbyCS2EeFZQv8KdJPw3aONGsau3sbLhDWo6l0gntbkT478JSyXGQOI5OZKn0Cji4ZsQHACvyZWXFdQlaRxpGBn209obW+znyVBhrmA16+wSAVi98hp+TgpAnFavmfZf00VTxN6D1Q7nhBDZuD95EKXCRED3nVmnU25gWC7O/+bQeRB/nvTcv0Gqi+n87orQ450874zyIRczjzK9oSsGajtG9kDZjc8DxkryZJw4CF7X9BO+owPZKIMWTCxUF+ULVv0I=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR02MB6924DACFB91ED5E957BACE17C3B59DM6PR02MB6924namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR02MB6924.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2a75ea53-56a6-4dcb-bc03-08d98cb425ba
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Oct 2021 12:39:20.3059 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: NRK/DcZYflbk851zMRyeQYVFe0WpQkO7r2W7DLuxVfV6cvI/j5HvUt2TzzRhXtUD
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR02MB6923
X-OriginatorOrg: att.com
X-TM-SNTS-SMTP: 9ADD6C7732EE3D8CDC7E27152A6A30A37406C3864D7F07AC9FAC593BE92B0D0F2
X-Proofpoint-GUID: D9ZSu4KYaKZ0HjHR6kOdIjsagZU2ErUb
X-Proofpoint-ORIG-GUID: D9ZSu4KYaKZ0HjHR6kOdIjsagZU2ErUb
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-10-11_04,2021-10-07_02,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 suspectscore=0 phishscore=0 adultscore=0 mlxlogscore=999 bulkscore=0 malwarescore=0 mlxscore=0 spamscore=0 impostorscore=0 priorityscore=1501 lowpriorityscore=0 clxscore=1011 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109230001 definitions=main-2110110072
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/ia5qodpa-tWB2lVeAShkWWHOYT8>
Subject: Re: [Add] Relaxed validation and delegated IPv6 prefixes (Was: New Version Notification for draft-schwartz-add-ddr-forwarders-00.txt)
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Oct 2021 12:39:48 -0000
The GUA address is assigned on LAN-facing interfaces only and is not reachable via the WAN interface. Just because an address is a GUA doesn't mean it has to be reachable from the Internet or via all interfaces. I suppose someone could hairpin through a compromised device on the LAN to get to it. But if they have a compromised device on the LAN, it doesn't matter what format of address is used. Barbara From: tirumal reddy <kondtir@gmail.com> Sent: Monday, October 11, 2021 12:02 AM To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> Cc: STARK, BARBARA H <bs7652@att.com>; ADD Mailing list <add@ietf.org> Subject: Re: [Add] Relaxed validation and delegated IPv6 prefixes (Was: New Version Notification for draft-schwartz-add-ddr-forwarders-00.txt) Using a global unicast IPv6 address for a DNS forwarder on the home router would expose it to external attacks (e.g., DDoS, capability to resolve private domains). If the purpose of the forwarder is to only resolve the queries from the devices attached to the home network, I don't get why a DNS forwarder on the home router would want to use a global unicast address and act like a public resolver ? Cheers, -Tiru On Mon, 11 Oct 2021 at 07:37, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org<mailto:40google.com@dmarc.ietf.org>> wrote: If the DNS forwarder is identified by a public address (IPv4 or IPv6), then it could get a TLS certificate for that IP address. A client policy that doesn't require authentication in this case, even though authentication is possible, would be a much bigger departure from baseline DDR. I would prefer not to describe that behavior in this draft. <bhs> When you say "[the DNS forwarder] could get a TLS certificate for that IP address", are you saying it would be possible for a gateway to get a PKI CA-signed certificate every time it gets delegated an IPv6 prefix (and subsequent renewal)? I misspoke. Let me try again: In DDR, the Encrypted Resolver must hold a certificate that covers the IP address of the Unencrypted Resolver unless the resolvers have the same IP. Thus, if the gateway uses a public IP address, and is actually a forwarder, then the upstream resolver must return a certificate that covers the gateway's IP address. This is not the same as placing a PKI certificate on the gateway. (I don't know if it's easier or harder.) ... So if a client is provided a private IPv4 DNS server address and a public (GUA) IPv6 DNS server address (and, BTW, both reply with identical resolver.arpa info), will the relaxed-validation client prefer IPv6 and not upgrade because the IPv6 address is a GUA? Or will the relaxed-validation client try the private IPv4 address (also?) and do the DoH upgrade? I think it will do the upgrade, via the IPv4 server. I'm ok not worrying about people with static public IPv4 address assignments (assuming the same argument that a certificate isn't realistic). That's a small population. But is it really not possible to explore allowing "same IPv4 subnet" or "on-link IPv6 prefix"? Let's consider two clients, one implementing "baseline DDR" and one that relaxes validation as you've described. They are on a v6-only network whose DNS server has a public IP and is "on-link" according to some criterion. A DDR query tells the client to use a "far away" designated resolver. If the local DNS server is actually a forwarder, then it is arguably safe to upgrade without certificate validation. However, the client doesn't know whether this server is a forwarder. It might actually be a full resolver. Suppose there is an active attacker close to the "far away" designated resolver. The "baseline DDR" client enforces certificate validation, so it detects this attacker and continues to use the local (full) resolver. As a result, the attacker (who is far away) cannot see or modify most/any of the user's queries. The "relaxed" client sends all their queries straight to the attacker. This seems like a much larger departure from the baseline DDR security model than anything contemplated in this draft, so I would prefer not to combine it. However, this situation is important, and should be mentioned in the draft. I've added the following paragraph in the pull request [1]: > IPv6-only networks whose default DNS server has a Global Unicast Address are out of scope, even if this server is actually a simple forwarder. If the DNS server does not use a private IP address, it is not a "legacy DNS forwarder" under this draft's definition. [1] https://github.com/bemasc/ddr-forwarders/pull/3<https://urldefense.com/v3/__https:/github.com/bemasc/ddr-forwarders/pull/3__;!!BhdT!wdNh5WKV-u2xtQFlX4hvyjwttEo6LlYpIFsOhKMSSiKdvYcs6wE6UDQCYNa2XA$> -- Add mailing list Add@ietf.org<mailto:Add@ietf.org> https://www.ietf.org/mailman/listinfo/add<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/add__;!!BhdT!wdNh5WKV-u2xtQFlX4hvyjwttEo6LlYpIFsOhKMSSiKdvYcs6wE6UDR9Xhh1xA$>
- [Add] Relaxed validation and delegated IPv6 prefi… STARK, BARBARA H
- Re: [Add] Relaxed validation and delegated IPv6 p… Ben Schwartz
- Re: [Add] Relaxed validation and delegated IPv6 p… tirumal reddy
- Re: [Add] Relaxed validation and delegated IPv6 p… STARK, BARBARA H
- Re: [Add] Relaxed validation and delegated IPv6 p… STARK, BARBARA H
- Re: [Add] Relaxed validation and delegated IPv6 p… Lanlan Pan
- Re: [Add] Relaxed validation and delegated IPv6 p… Ben Schwartz
- Re: [Add] Relaxed validation and delegated IPv6 p… tirumal reddy
- Re: [Add] Relaxed validation and delegated IPv6 p… tirumal reddy
- Re: [Add] Relaxed validation and delegated IPv6 p… STARK, BARBARA H
- Re: [Add] Relaxed validation and delegated IPv6 p… tirumal reddy