IETF Logo Mail Archive

Re: [arch-d] [Int-area] Is IPv6 End-to-End? R.I.P. Architecture? (Fwd: Errata #5933 for RFC8200)

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 28 February 2020 00:21 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80ABD3A09EF; Thu, 27 Feb 2020 16:21:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.395
X-Spam-Level:
X-Spam-Status: No, score=-1.395 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sNgVStXV-tU0; Thu, 27 Feb 2020 16:21:56 -0800 (PST)
Received: from mail-ot1-f41.google.com (mail-ot1-f41.google.com [209.85.210.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C567E3A09EC; Thu, 27 Feb 2020 16:21:55 -0800 (PST)
Received: by mail-ot1-f41.google.com with SMTP id 66so993164otd.9; Thu, 27 Feb 2020 16:21:55 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gSix1Je2Q0HDku6KA0XkNiXjesG5r3+iNEkHOUGpkL4=; b=WWQ0yF4dOaV0NbP0ClH5PWtXL61yZ9v4xcwREgDzmGLB1XvLny/TXAQ/GePpQf6jVF vMrLYjlLSz6MJJ8X9v9q4UdprV38Dd8tjV5a2zn6DGBp0Vddd4u3bD+tVwDDoFcIpI8Q B6EC7UyWVRzwhLxKfEqNNiEikcW9WM3KW1XTz4BvycPJKT5+q8LRKQKIVp5HwqVQf356 6uBd3dAPicxXOlvfzQngjYsMQ0E7sH9H3aermXqNQFYOslVvmeP9h0KINPKGsvVHRL6s 3HdWOTcvUPatYr3t6oy0YexPyplR1XAezZIxilmX1C7xX8Hvbk/1Fk1BuqRvv1ipr5OD SeBw==
X-Gm-Message-State: APjAAAU+FbGztfZGtfRnhvp6F6GUmSFkVwDH9a1StKwGQc4gMoEHPyWd hNmmkjHAW4bh8gCcpXd1/LBYAMWInGt2QyTmMck=
X-Google-Smtp-Source: APXvYqxBUMJcKlFspbLfW6QoiVgoDqAqJ/ynSIxRU1ixeQiVoigGpL4kUQmY8H6NLy0gG6lU+nZeEoBykNCBD0hccmM=
X-Received: by 2002:a05:6830:1305:: with SMTP id p5mr1166669otq.124.1582849315120; Thu, 27 Feb 2020 16:21:55 -0800 (PST)
MIME-Version: 1.0
References: <876c9105-3da4-e614-2db0-bea025b54663@si6networks.com> <7749f91f-03f1-cc14-bae8-5fe68c88879f@si6networks.com> <CALx6S36wN7VEi_rxLC1ETcTvkGaPhs20KhQrGWAGGTrCL5OT+g@mail.gmail.com> <CAMm+Lwg+4xMv=EKLfvmZMCgrQz31+38Fv0bYKeJ0fTB5vbXiaw@mail.gmail.com> <8d3e7b714666db00e0c05a2e06959da6@strayalpha.com>
In-Reply-To: <8d3e7b714666db00e0c05a2e06959da6@strayalpha.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 27 Feb 2020 19:21:43 -0500
Message-ID: <CAMm+LwjYeSTro_TJujtRPDfVKtVMg7JbDL6A5V3Tj447c2E7nA@mail.gmail.com>
To: Joe Touch <touch@strayalpha.com>
Cc: Tom Herbert <tom@herbertland.com>, Internet Architecture Board <iab@iab.org>, architecture-discuss@iab.org, Internet Area <int-area@ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000292c16059f97d302"
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/srWvJnWGFGAGzNDxGySfz_9rA-A>
Subject: Re: [arch-d] [Int-area] Is IPv6 End-to-End? R.I.P. Architecture? (Fwd: Errata #5933 for RFC8200)
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Feb 2020 00:21:58 -0000

On Thu, Feb 27, 2020 at 5:47 PM Joe Touch <touch@strayalpha.com> wrote:

> On 2020-02-27 14:26, Phillip Hallam-Baker wrote:
>
> On Thu, Feb 27, 2020 at 5:09 PM Tom Herbert <tom@herbertland.com> wrote:
>
>> Fernando,
>>
>> I think we need to be careful that IETF is labeled as a collection of
>> inflexible architectural purists. We know that standards conformance
>> is voluntary and we haven't seen the last time that someone, possibly
>> even a major vendor, will circumvent the system for their own
>> purposes.
>
>
> IP end to end does not mean the IP address is constant end to end. It
> never has meant that and never will.
>
>
> Actually, that's the only thing it ever meant and always will. When
> addresses change, *by definition*, the*ends* change (and yes, that's what
> NATs do - they create end-to-end CONTENT transfer over separate end-to-end
> Internets).
>

By whose definition? Not by mine.

TCP and TLS give me a reliable end-to-end stream. The fact that the IP
address is exposed is merely an unfortunate defect in the legacy APIs.

As the application layer designer, I am the customer here. I do not care
about the IP address.



> ..
> We discovered that there were good reasons for NATing IPv4 besides address
> multiplexing. The topology of my network is none of your business.
>
>
> Agreed; there's nothing that forces you to use IP addresses in a way that
> exposes your topology (you're free to build a net using host routing). That
> has nothing to do with NAT.
>
> I have not found a rationale for NATs that doesn't start and end with a
> business model where servers are charged business rates and clients are
> charged customer rates. Everything else about NATs either isn't a NAT
> property (hiding topology) or can be achieved by a stateful firewall (that
> predates NATs by a decade, e.g. that lets outgoing connections go through
> but not incoming).
>

Then you have had a remarkably sheltered upbringing.

Concealing details of the internal network structure is only common sense.



>
>
> More generally, Internet standards only apply to the Inter-net, the
> network of networks. What happens inside the networks at either end is for
> the owners of those networks to decide. If we go back to the original
> Internet design, they didn't even need to run IP. IP end to end come later.
>
>
> That's true, but then their "end" on the public Internet would be the
> firewall or NAT box at their edge.
>

There isn't a single 'end' in a protocol which is one of the reasons
end-to-end security has been done so badly. If Alice sends Bob a business
email, we have the following ends:

1) Application layer: SUBMIT Client -> SUBMIT Service, SMTP Client -> SMTP
Service, IMAP Client -> IMAP Service.
2) Message layer: Alice Email client -> Bob Email Client
3) Trust: Alice's employer <-> Bob's employer

Feel free to introduce extra ends if you like, it is irrelevant to my
concerns at the application layer.



>
>
> So let us stop being dogmatic about things that don't actually matter. The
> only job of the network layer is to get packets from one end to another.
> The only job of the transport layer is to provide reliable streams. An
> application protocol that depends on the IP address remaining constant end
> to end is a bad protocol and should be rejected.
>
>
> That's a very OSI view of protocols - about as out-dated and about as
> useful., IMO. Every layer of the stack might be involved in any function;
> anything that claims a single layer owns a single job hasn't existed since
> at least IP over IP.
>

The notion of encapsulation has been established in the object oriented
programming world for decades. The notion that the application program
should be abstracted from the transport and network layer is hardly a
controversial one.

As for OSI, I would not know as I have not made a detailed study of it. It
is not a model I find interesting as it doesn't describe the role of the
naming systems and it isn't able to describe systems like SDN and VPN which
we make use of.

v2.23.0 | Report a Bug | By Email