[DNSOP] Re: [v6ops] [EXTERNAL] New Version Notification for draft-jens-7050-secure-channel-00.txt

Mark Andrews <marka@isc.org> Wed, 26 June 2024 23:46 UTC

From: Mark Andrews <marka@isc.org>
In-Reply-To: <3AF85A72-1750-485A-85E2-87BD98970355@employees.org>
Date: Thu, 27 Jun 2024 09:45:55 +1000
Message-Id: <5617F53B-FA16-4805-8F70-868D5B3C4820@isc.org>
References: <dc52f56e-054c-4fa9-980f-c0ecfdeffc1a@nsrc.org> <3AF85A72-1750-485A-85E2-87BD98970355@employees.org>
To: Ole Trøan <otroan=40employees.org@dmarc.ietf.org>
CC: Brian Candler <brian@nsrc.org>, Tommy Jensen <Jensen.Thomas@microsoft.com>, dnsop@ietf.org, V6 Ops List <v6ops@ietf.org>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/RRXcG5ZML6j2lBk6CQLUO2AvnFE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>


> On 27 Jun 2024, at 06:51, Ole Trøan <otroan=40employees.org@dmarc.ietf.org> wrote:
> 
> 
> 
>> On 26 Jun 2024, at 22:47, Brian Candler <brian@nsrc.org> wrote:
>> 
>>  On 26/06/2024 21:26, Ole Trøan wrote:
>>> I would still like the option of having an IPv6 only host. (Which 464XLAT doesn’t give).
>> That depends what you mean by "IPv6 only host". Do you mean it only has an IPv6 address on its external interface? Or do you want to disable the IPv4 stack entirely in the kernel?
> 
> Yes, no ipv4 stack at all. 
>> 
>> 
>> The CLAT-in-libc approach gives an interesting middle ground, where the application can still ask to open an AF_INET socket, but this gets translated to AF_INET6 before it hits the kernel. Of course, it would be good to see running code first.
> Agree, that would be quite neat. 

If there is no IPv4 stack then a CLAT is not needed. Only address mapping is needed. socket(PF_INET,…) should fail with EAFNOSUPPORT. CLAT in libc is only needed to support IPv4-only applications, and for there to be no IPv4 stack these do not exist by definition. Dual-stack applications don’t need CLAT. Add a flag to getaddrinfo to say to use PREF64 when looking for addresses and don’t return IPv4 addresses if a PREF64 address is present and AI_ADDRCONFIG is set. One could also fall back to looking at ipv4-only.arpa if that flag is set. Run address literals through getaddrinfo.

> Cheers 
> Ole

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
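
The address mapping described in the message above, as an added example that is not part of the original mail and is not libc code. It embeds IPv4 addresses into a PREF64 for every RFC 6052 prefix length and recovers the prefix from ipv4-only.arpa AAAA answers as in RFC 7050; the function names, including `apply_pref64` standing in for the proposed getaddrinfo flag, are hypothetical.

```python
import ipaddress

# RFC 6052 section 2.2: byte positions of the four IPv4 octets inside the
# 16-byte IPv6 address per prefix length (byte 8, the "u" octet, is skipped).
V4_OFFSETS = {32: (4, 5, 6, 7), 40: (5, 6, 7, 9), 48: (6, 7, 9, 10),
              56: (7, 9, 10, 11), 64: (9, 10, 11, 12), 96: (12, 13, 14, 15)}
# Well-known addresses of ipv4-only.arpa (RFC 7050).
WKA = {ipaddress.IPv4Address(a).packed for a in ("192.0.0.170", "192.0.0.171")}

def synthesize(pref64, v4):
    """Map one IPv4 address into the NAT64 prefix (RFC 6052)."""
    net = ipaddress.IPv6Network(pref64)
    raw = bytearray(net.network_address.packed)
    v4_octets = ipaddress.IPv4Address(v4).packed
    for offset, octet in zip(V4_OFFSETS[net.prefixlen], v4_octets):
        raw[offset] = octet
    return ipaddress.IPv6Address(bytes(raw))

def discover_pref64(aaaa_answers):
    """Recover candidate prefixes from AAAA answers for ipv4-only.arpa by
    looking for a well-known IPv4 address at each RFC 6052 position."""
    found = set()
    for answer in aaaa_answers:
        raw = ipaddress.IPv6Address(answer).packed
        for plen, offsets in V4_OFFSETS.items():
            if bytes(raw[o] for o in offsets) in WKA:
                head = raw[:plen // 8]
                net = ipaddress.IPv6Network((head + bytes(16 - len(head)), plen))
                found.add(str(net))
    return sorted(found)

def apply_pref64(addrs, pref64=None):
    """Hypothetical flag behaviour: when a PREF64 is known, no IPv4 address
    is returned; each one (literals included) becomes its mapped IPv6 form."""
    out = []
    for addr in map(ipaddress.ip_address, addrs):
        if addr.version == 4 and pref64 is not None:
            addr = synthesize(pref64, addr)
        if str(addr) not in out:
            out.append(str(addr))
    return out

if __name__ == "__main__":
    # Constructed sample: answers a NAT64 resolver could give for ipv4-only.arpa.
    answers = ["64:ff9b::c000:aa", "64:ff9b::c000:ab"]
    prefix = discover_pref64(answers)[0]
    print(prefix, apply_pref64(["192.0.2.33", "2001:db8::1"], prefix))
```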