Re: [apps-review] [v6ops] Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03 *(formal for apps area)*

Lorenzo Colitti <lorenzo@google.com> Tue, 31 May 2011 06:10 UTC

To: Gert Doering <gert@space.net>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, Apps Review <apps-review@ietf.org>, Dave Crocker <dcrocker@bbiw.net>, IETF Discussion <ietf@ietf.org>

On Mon, May 30, 2011 at 8:48 AM, Gert Doering <gert@space.net> wrote:

> I have no idea what a "v6 DNS ACL" should be, except maybe an ACL that
> protects which IPv6 clients are allowed to talk to a DNS server.
>

ACL is the wrong term. Saying it's an ACL makes it easy to make the argument
that whoever is implementing this is denying access to a particular resource
(the AAAA record).

In fact, the opposite is true - by electing not to return an AAAA record,
the implementer is able to allow access to a particular resource (the
content that the user wants to reach) instead of publishing the resource
over IPv6 where some users can't usefully reach it.

Which is, of course, the root of the problem here. It is the reason why many
large website operators have either implemented whitelisting (Google,
Facebook) or have announced that they will be implementing whitelisting
(Yahoo, Akamai). And it is the reason why said website operators are not
contributing to this document.