Re: [arch-d] Treating "private" address ranges specially

Eliot Lear <lear@cisco.com> Wed, 31 March 2021 08:50 UTC

From: Eliot Lear <lear@cisco.com>
Message-Id: <26F64C53-9012-4A6A-AD1B-FF01D91689EB@cisco.com>
Date: Wed, 31 Mar 2021 10:50:09 +0200
In-Reply-To: <a68636c2-5df0-46eb-8147-79ec6a992f8a@www.fastmail.com>
Cc: Erik Kline <ek.ietf@gmail.com>, architecture-discuss@ietf.org
To: Martin Thomson <mt@lowentropy.net>
References: <4329d51a-d5ba-45b3-9fb0-6795dc6fccd3@www.fastmail.com> <CAMGpriWA4B8AThNKBOHo-bfAdQ2s5iYv8rBOB7X8UVc5GsqENA@mail.gmail.com> <CAMGpriUJkWYPyw7=oAj_GnGu2J14T3=VZYNWPZtAs870P=x0sg@mail.gmail.com> <a68636c2-5df0-46eb-8147-79ec6a992f8a@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/rSmdij85it5e80yrWzo-jWJudqA>

Martin,

This seems well-meaning, but the heuristic might need work, depending on the scope of protection that is really needed.

On my own home network, for which I do nothing special as far as addresses are concerned, I currently see two public IPv6 networks being advertised from my cable co.
I also see public addresses on my VPN tunnels.  Were you to hardcode something around ULAs or 1918 addresses, this stuff wouldn’t really apply to me (or to many home networks).  On the other hand, if you were to apply a policy by matching the subnet mask to one of those networks… that would make a difference.  It may make sense to take as private some list as configuration for enterprises.  You might even be able to deduce this from a proxy.pac file, although that seems a bit fraught with corner cases.

Also, what do the proponents expect/want the behavior to be in the face of devices like printers, ovens, and who-knows-what that have these dinky little web servers, many of which would likely not update for quite some time (if ever)?

I’m presuming one doesn't want to cause an e-Waste problem as happened with popular printers in the face of an update to a popular OS this past year. I doubt people will replace their refrigerators over this, but if they can’t print…

Eliot



> On 31 Mar 2021, at 08:20, Martin Thomson <mt@lowentropy.net> wrote:
> 
> On Wed, Mar 31, 2021, at 17:17, Erik Kline wrote:
>> My mistake.  I think the key text I didn't properly absorb was "the
>> current url's host".
> 
> :) Yes, though if you have name resolution that produces a ULA (which might happen in mDNS), then you would be contacting a "private" address.
> 
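The two heuristics Eliot contrasts, a hardcoded RFC 1918 / ULA list versus matching the target against the client's own on-link prefixes (optionally extended by an enterprise-configured list or prefixes scraped from a proxy.pac), as an added worked example that is not part of the thread and not code from any browser implementation. The home network, the enterprise list and the PAC file are constructed for the example from documentation ranges (RFC 5737 / RFC 3849); the function names are ours.

```python
"""Compare "is this target private?" under a fixed address list versus an
on-link-prefix match, for the cases raised in the thread: a public IPv6
prefix on a home LAN, a public address on a VPN tunnel, an IPv4-mapped v6
form of a LAN host, and a proxy.pac as a source of enterprise prefixes."""
import ipaddress
import re
from typing import Iterable, List, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Approach 1: fixed list. RFC 1918, loopback, IPv4 link-local, IPv6 ULA
# (RFC 4193), IPv6 link-local and loopback. Deliberately not ip.is_private,
# which also flags documentation ranges and other special-purpose blocks.
HARDCODED_PRIVATE: List[IPNetwork] = [
    ipaddress.ip_network(n) for n in (
        "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
        "127.0.0.0/8", "169.254.0.0/16",
        "fc00::/7", "fe80::/10", "::1/128",
    )
]


def _normalise(addr: str) -> IPAddress:
    """Parse an address, dropping any zone ID (fe80::1%eth0) and unwrapping
    IPv4-mapped IPv6 (::ffff:a.b.c.d) so a private IPv4 host cannot dodge a
    v4 range check by being written in v6 notation."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def _in_any(ip: IPAddress, nets: Iterable[IPNetwork]) -> bool:
    # ipaddress returns False on a v4/v6 version mismatch, so mixing is safe.
    return any(ip in n for n in nets)


def is_private_by_range(addr: str) -> bool:
    """Hardcoded-range heuristic: blind to public prefixes on a home LAN."""
    return _in_any(_normalise(addr), HARDCODED_PRIVATE)


def is_private_by_local_prefix(addr: str, local_prefixes: Iterable[str],
                               configured: Iterable[str] = ()) -> bool:
    """On-link heuristic: private if the target falls inside a prefix that
    is configured on one of the client's own interfaces (what "matching the
    subnet mask" gives you) or inside an enterprise-supplied list."""
    nets = [ipaddress.ip_network(p, strict=False)
            for p in (*local_prefixes, *configured)]
    return _in_any(_normalise(addr), nets)


_PAC_ISINNET = re.compile(
    r'isInNet\s*\(\s*[^,]+,\s*"([0-9.]+)"\s*,\s*"([0-9.]+)"\s*\)')
_PAC_ISINNETEX = re.compile(
    r'isInNetEx\s*\(\s*[^,]+,\s*"([0-9a-fA-F:.]+/\d+)"\s*\)')


def prefixes_from_pac(pac: str) -> List[str]:
    """Best-effort recovery of "internal" prefixes from a proxy.pac. Only
    isInNet()/isInNetEx() literals are seen; rules built on dnsDomainIs(),
    shExpMatch() or computed values are invisible, which is one of the
    corner cases that makes this approach fraught."""
    found = [f"{ip}/{mask}" for ip, mask in _PAC_ISINNET.findall(pac)]
    found += _PAC_ISINNETEX.findall(pac)
    return [str(ipaddress.ip_network(p, strict=False)) for p in found]


def classify(addr: str, local_prefixes: Iterable[str],
             configured: Iterable[str] = ()) -> dict:
    return {"range": is_private_by_range(addr),
            "local": is_private_by_local_prefix(addr, local_prefixes, configured)}


# Constructed home network: the cable co. advertises a public (here,
# documentation) IPv6 prefix, the LAN also runs RFC 1918 IPv4, and a VPN
# tunnel carries a public address. ENTERPRISE_LIST is a hypothetical
# configured list; SAMPLE_PAC is a constructed proxy.pac.
HOME_PREFIXES = ["192.168.1.0/24", "2001:db8:1234:5601::/64", "203.0.113.0/24"]
ENTERPRISE_LIST = ["198.51.100.0/22"]
SAMPLE_PAC = '''
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example")) return "DIRECT";
  if (isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0")) return "DIRECT";
  if (isInNetEx(host, "fd00:1234::/32")) return "DIRECT";
  return "PROXY proxy.corp.example:3128";
}
'''

if __name__ == "__main__":
    for target in ("192.168.1.20",           # printer, RFC 1918 address
                   "2001:db8:1234:5601::1",  # same printer's public GUA (mDNS may hand you this)
                   "203.0.113.7",            # host reached over the VPN tunnel
                   "::ffff:192.168.1.20",    # v4-mapped spelling of the printer
                   "198.51.100.5",           # only in the enterprise list
                   "192.0.2.10"):            # genuinely remote host
        print(f"{target:24} {classify(target, HOME_PREFIXES, ENTERPRISE_LIST)}")
    print("prefixes recovered from pac:", prefixes_from_pac(SAMPLE_PAC))
```

The range check flags the printer only under its 192.168 address; the same device reached by its public IPv6 address, or a host behind the VPN tunnel, is "public" to that check and "local" to the prefix check. The IPv4-mapped case is the kind of parsing detail a client must normalise before either check, or the hardcoded list is trivially bypassed.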