[apps-discuss] apps-team review of draft-ietf-behave-v4v6-bih-06

Xiaodong Lee <lee@cnnic.cn> Thu, 22 September 2011 00:30 UTC

Return-Path: <lee@cnnic.cn>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDBC421F8D2A for <apps-discuss@ietfa.amsl.com>; Wed, 21 Sep 2011 17:30:17 -0700 (PDT)
X-Quarantine-ID: <l22al61Cu9fQ>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "Message-ID"
X-Spam-Flag: NO
X-Spam-Score: -1.196
X-Spam-Level:
X-Spam-Status: No, score=-1.196 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_23=0.6, MSGID_FROM_MTA_HEADER=0.803]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l22al61Cu9fQ for <apps-discuss@ietfa.amsl.com>; Wed, 21 Sep 2011 17:30:17 -0700 (PDT)
Received: from cnnic.cn (smtp.cnnic.cn [159.226.7.146]) by ietfa.amsl.com (Postfix) with SMTP id D150721F8D25 for <apps-discuss@ietf.org>; Wed, 21 Sep 2011 17:30:15 -0700 (PDT)
Received: (eyou send program); Thu, 22 Sep 2011 08:32:33 +0800
Message-ID: <516651553.19518@cnnic.cn>
X-EYOUMAIL-SMTPAUTH: lee@cnnic.cn
Received: from unknown (HELO [218.241.111.252]) (127.0.0.1) by 127.0.0.1 with SMTP; Thu, 22 Sep 2011 08:32:33 +0800
Message-ID: <4E7A8225.4060701@cnnic.cn>
Date: Thu, 22 Sep 2011 08:32:37 +0800
From: Xiaodong Lee <lee@cnnic.cn>
Organization: CNNIC
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: apps-discuss@ietf.org, iesg@ietf.org, bill.huang@chinamobile.com, denghui02@gmail.com, teemu.savolainen@nokia.com, dthaler@microsoft.com, dwing@cisco.com
X-Enigmail-Version: 1.3.2
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Subject: [apps-discuss] apps-team review of draft-ietf-behave-v4v6-bih-06
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: lee@cnnic.cn
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Sep 2011 00:30:17 -0000

I have been selected as the Applications Area Review Team reviewer for
this draft (for background on apps-review, please see
http://www.apps.ietf.org/content/applications-area-review-team).

Please resolve these comments along with any other Last Call comments
you may receive. Please wait for direction from your document shepherd
or AD before posting a new version of the draft.

Document: draft-ietf-behave-v4v6-bih-06

Title: Dual Stack Hosts Using "Bump-in-the-Host" (BIH)

Reviewer: Xiaodong Lee

Review Date: 2011-09-21

Review Summary:
This draft is almost ready for publication but has a few issues that
should be clarified and fixed before publication.

Major Issues:
“BIH has the potential to interfere with the functioning of DNSSEC,
because BIH modifies DNS answers, and DNSSEC is designed to detect such
modifications and to treat modified answers as bogus.”  as in Section 7.4.

This document overall provides an valuable 4-6 translation solution.
However, the effects this draft will pose on DNS should be deliberately
considered. As described in BIH, ENR (Extension Name Resolve) is to
modify DNS request and response messages as in ” The Extension Name
Resolver (ENR) returns an answer in response to the IPv4 application’s
name resolution request.” , which means BIH has the potential to
interfere with the functioning of DNSSEC.

Yet circumstances alter cases due to the two different ENR
implementation options. In the case of the socket API layer
implementation option, there is no conflicts with DNSSEC. However, in
the case of the network layer implementation option, BIH modifies DNS
answers, and DNSSEC is designed to detect such modifications and to
treat modified answers as bogus. This draft recognizes the issue and
prefers the former as in “Hence the socket API layer option is
RECOMMENDED.” in section 2.3. Since this draft is intended for standard
track, RECOMMENDED is not strong enough, the socket API layer option
should be the “SHOULD” solution or specify that “One implementation
SHOULD NOT interferes DNSSEC mechanism”.

Minor Issues: NA

Nits: NA

-- 
--
Xiaodong LEE
VP&CTO, CNNIC
Professor, Chinese Academy of Sciences