IETF Logo Mail Archive

Re: [BEHAVE] RFC6147 and RFC7208 interoperability issues

Klaus Frank <klaus.frank@posteo.de> Mon, 07 February 2022 16:39 UTC

Return-Path: <klaus.frank@posteo.de>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8DAB3A0D29 for <behave@ietfa.amsl.com>; Mon, 7 Feb 2022 08:39:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=posteo.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B1qKvwgecxjv for <behave@ietfa.amsl.com>; Mon, 7 Feb 2022 08:39:02 -0800 (PST)
Received: from mout01.posteo.de (mout01.posteo.de [185.67.36.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D16F3A099F for <behave@ietf.org>; Mon, 7 Feb 2022 08:39:02 -0800 (PST)
Received: from submission (posteo.de [185.67.36.169]) by mout01.posteo.de (Postfix) with ESMTPS id 1FE37240027 for <behave@ietf.org>; Mon, 7 Feb 2022 17:38:57 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1644251939; bh=+jWDvpJbf4EvY/wnDoPTiIR+tDFyIekO/2F6pzZISMc=; h=Date:Subject:To:From:From; b=dIlLjZTFE5uB5CuYMic+AMff76gEBmURQK0zCOQHJhjIikDlBgi9F8KGYtO8Q5FU8 aVwzOICODBNrrTptGKX9yVlm8xxuajJb8xZ/5Ml+7zacWkh+9/UuzIzPKx/XRU9aQC Z+ej20Vhb5Tk6xGPTlShi1PX/9DoOoSm0+Yug3oJN8+08ln/z+cEzstSSoCwETav3x OK2DsLb4vSo7mpkhFyd8QpRMokml+trrVjkZXTmxnljSM9a2fr5q1kP/P9EhnFHRRG P9viMVAvjhAXlFVejysXe6U9zZlUMfsjVKZ4ILu6XWFPQf9VzHenLXolaWah8urFZn xCgs0TnCtkjcg==
Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4JssKY21T0z6tn3 for <behave@ietf.org>; Mon, 7 Feb 2022 17:38:56 +0100 (CET)
Message-ID: <7e53925e-46b0-29e4-6deb-47bcf389ff97@posteo.de>
Date: Mon, 07 Feb 2022 16:38:54 +0000
MIME-Version: 1.0
Content-Language: en-US
To: behave@ietf.org
References: <077D662F-5E6D-44F5-8DD3-B58D8B535C5D@network-heretics.com> <B6D6B4CC-AC1F-459C-952A-E9493E00FDB3@huitema.net>
From: Klaus Frank <klaus.frank@posteo.de>
In-Reply-To: <B6D6B4CC-AC1F-459C-952A-E9493E00FDB3@huitema.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms010002060108070201080108"
Archived-At: <https://mailarchive.ietf.org/arch/msg/behave/jvNjeO4gI61rdXQVP2L6qOXbxpo>
Subject: Re: [BEHAVE] RFC6147 and RFC7208 interoperability issues
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/behave/>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2022 16:39:08 -0000

On 2022-02-07 16:56, Christian Huitema wrote:
>   
>
>> On Feb 7, 2022, at 5:11 AM, Keith Moore <moore@network-heretics.com> wrote:
>>
>> Sent from my iPhone
>>
>>> On Feb 7, 2022, at 1:42 AM, marcelo bagnulo braun <marcelo@it.uc3m.es> wrote:
>>>
>>> I guess one operative question is whether this issue can be dealt with an errata or should require an update in the spec.
>> Neither.  That SPF and TXT records are not altered is a feature, not a bug
> Marcelo,
>
> Errata is for errors, not for changing the specifications. The current text absolutely reflects the decisions of the WG at the time. To change the decision would require a new version. In fact, it would also require a debate, because there are two solutions.
>
> One potential solution is to say that the text is right, that NAT64 should only work with A and AAAA records, and that applications using other records that embed IP addresses should be cognizant of NAT64 and apply their own logic.
>
> That's not what Klaus hoped for, but there are several arguments for that approach, especially in the case of records with security implications like SPF. Arguably, applications relying on such records should acquire them in secure ways, which precludes alterations in the middle.
I was hoping for clarification and an alignment between both working 
groups (and maybe an official recommendation i.e. Informational RFC) and 
to find a solution for the future. So that this problem doesn't stay 
unresolved.
> There are also deployment arguments for the end to end approach. New records can be created at any time. The applications using them know that, and are expected to have code to handle them. NAT64 don't. They ship in devices like home routers that are notoriously slow to upgrade. Even if we told them to upgrade, they would only do that slowly, and applications that need it immediately will still need to add the NAT64 code.

I want to disagree partially with you on this one. You always say NAT64 
as a combination of DNS64 and NAT64. Truth is, that these are two 
distinct things that are offered from two different origins. Even though 
a NAT64 may be on slow updating home routers (though unlikely, a CLAT 
would be more likely here). The DNS64 isn't. The home routers only have 
plain forwarding. They forward to the DNS infrastructure of the ISP. 
Therefore changing DNS64 (not NAT64) would indeed be feasible as it is 
within a way better maintained and updated environment. And also the 
NAT64 gateways would residue in the ISP infrastructure and not within 
the home router itself. The home router would then just forward IPv6 
only traffic towards the ISP... (see figure 2, 3 and 4 
https://tools.ietf.org/id/draft-ietf-v6ops-nat64-deployment-03.html)

> So, no, this is not material for an errata. Maybe just additional guidance about deployment and knowledge in applications. Or, failing that, a revised RFC.
>
> -- Christian Huitema
> _______________________________________________
> Behave mailing list
> Behave@ietf.org
> https://www.ietf.org/mailman/listinfo/behave

v2.23.0 | Report a Bug | By Email