Re: Non routable IPv6 registry proposal
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 21 January 2021 16:00 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6A8A3A1241 for <ietf@ietfa.amsl.com>; Thu, 21 Jan 2021 08:00:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iBCNAp6Sv02F for <ietf@ietfa.amsl.com>; Thu, 21 Jan 2021 08:00:28 -0800 (PST)
Received: from mail-yb1-f174.google.com (mail-yb1-f174.google.com [209.85.219.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A8EC3A124E for <ietf@ietf.org>; Thu, 21 Jan 2021 08:00:27 -0800 (PST)
Received: by mail-yb1-f174.google.com with SMTP id w24so2495360ybi.7 for <ietf@ietf.org>; Thu, 21 Jan 2021 08:00:27 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=67QRaalqEUIZ/gBvEu/iQYLILag9y9nEpW5j5xTiOh8=; b=m/KqUBR83nz1JHKAcCkNIV+nHsvEDOUF/BA9R+/Gad0IdviwIAFIwr2R6psoDr2l4N QXIDiA/ftbg1scm1jUqRAubHcDjfEGWji7AriMOPbMTJyZC/kx5GzluJ2KySBmVHB22a FrfDR45Geg65/gughHOE1O5V9rA/b/+PT4dsqSgMTZ6L7NtSLZ+uKqtf3jD9RuNpbfzY 7WLke8Fu/iVoPAConCL5GcZZffY99Spo0wFjhO9w4R6KtUJiFTtpRsZkht5a7OqJZQ+X 5j1K9PHZSjACwZtfAks+cAZZXJakeKpSrJhq4RTa0+duwjFuJhAGs27kS9VgM3ZQDs6D z3ag==
X-Gm-Message-State: AOAM531WdsDU45zHBzo8fuss7AALuQqGJFPY8L1bkfzskKeaCADamsec fy0vwHhZnc6YNP5I/r1QHdaLkmIV121y+UWPJfQ=
X-Google-Smtp-Source: ABdhPJweN9U/GF3HQ/r99WKumYNi8LikSyLZjH53BM4Jbd6bhTYOcQDaXTd8miKy+gBd3MgHUGlcmLNKu/Bhh8SkESI=
X-Received: by 2002:a25:bc44:: with SMTP id d4mr21173124ybk.522.1611244826225; Thu, 21 Jan 2021 08:00:26 -0800 (PST)
MIME-Version: 1.0
References: <CAMm+LwjNiE0P7RAVqzKMypNbh3=9BeqiWn_hGv3E=zX7-YmSXQ@mail.gmail.com> <abdac3dd-f601-1fae-8c9f-fbe393930558@foobar.org> <e9a49b69-b629-356b-c33a-4d49794c3e89@gmail.com> <CAMm+Lwh7nQRm=4fLkOKOgQA9L9TS_wh3qSmmV_Ko+N+afDtw+Q@mail.gmail.com> <7f73201d-7f28-92ff-875f-12133e278f94@foobar.org> <CAMm+Lwif4fB_kr7F=hR_nzPhESbqk55E2ZF6o51vC3tDmGCfEw@mail.gmail.com> <babb667b-fd2d-dc0c-8979-63d51ded7c05@foobar.org>
In-Reply-To: <babb667b-fd2d-dc0c-8979-63d51ded7c05@foobar.org>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 21 Jan 2021 11:00:15 -0500
Message-ID: <CAMm+Lwjdxa3H1zfae=mQKnuSM--jicN_qCTiBKi3Fe1oBW-P_A@mail.gmail.com>
Subject: Re: Non routable IPv6 registry proposal
To: Nick Hilliard <nick@foobar.org>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000836f4905b96b2b1b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/0b2d7_9X7GLBcWe1vWFbNFBIgrs>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2021 16:00:30 -0000
On Thu, Jan 21, 2021 at 5:14 AM Nick Hilliard <nick@foobar.org> wrote: > Phillip Hallam-Baker wrote on 21/01/2021 01:57: > > People make waaaay too much out of the risks of running registries > > Yep they certainly do, until there's a registry failure, or even the > threat of one. At that point, people often execute dramatic u-turns in > their opinion, depending on how important the registry's function was to > them. > > Nick > Has there ever been a proper consideration of the abstract security concerns for a registry? I rather suspect the closest we get is Warwick Ford et. al. writing the Certificate Policy Statement RFC in PKIX which was largely based on Michael Baum's practice statement for VRSN class 3. That is rather heavily PKI focused and it is all based on a Kohnfelder PKI architecture and 1980s PKI technology. Perhaps we should ask how registries can go wrong. Or maybe we should ask the IAB to consider this.I can think of a few problems: Integrity * Duplicate registrations * Unauthorized registration modification * Unpublished registrations * Inappropriate semantic mapping Availability * Rent seeking * Denial of service * Coercion by government What gets wrapped round the axle in DNS space is of course the semantic mapping issues. DNS names have an obvious interpretation. There is the natural assumption microsoft.com arrives at Microsoft Inc. Failure to achieve that mapping correctly is actually a serious safety and security issue as they provide the most popular desktop operating system. That is a very complex issue and I am not in the least impressed by the way ICANN has approached it. ULAs are free of semantic binding, or at least the ones I propose to issue will be. OK so there is one 'risk' that perhaps should be mentioned openly because it is likely the one of most concern to people, 'what are the unexpected uses of these addresses' or 'what else is PHB planning he is not telling us about'. Well I really wished I knew myself because I can see several possibilities but they are still a bit on the fuzzy side. I think I am going to have to build a prototype before I can start to get a handle on those. But it is my experience that getting the addressing right is the key to solving any network protocol issue. URIs made the Web. The registry concern that is rarely considered in IETF is what happens if there is no registry? There are two possibilities: 1) Innovation is put on hold until the registry is created. 2) People just create their own code points The second has occurred on countless occasions and sometimes between really big companies. Every hard drive has a unique identifier which is actually in the MAC address space. After asking nicely and getting the run-around, the drive makers just allocated themselves 1/16th of the total MAC address space.
- Re: Non routable IPv6 registry proposal Nick Hilliard
- Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Joe Touch
- Re: Non routable IPv6 registry proposal John Levine
- Re: Non routable IPv6 registry proposal Brian E Carpenter
- Re: Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Nick Hilliard
- Re: Non routable IPv6 registry proposal Fernando Gont
- Re: Non routable IPv6 registry proposal Fernando Gont
- Re: Non routable IPv6 registry proposal Fernando Gont
- Re: Non routable IPv6 registry proposal John R Levine
- Re: Non routable IPv6 registry proposal Christopher Morrow
- Re: Non routable IPv6 registry proposal George Michaelson
- Re: Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Michael Richardson
- Re: Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Brian E Carpenter
- Re: Non routable IPv6 registry proposal Brian E Carpenter
- Re: Non routable IPv6 registry proposal John R Levine
- Re: Non routable IPv6 registry proposal Nick Hilliard
- Re: Non routable IPv6 registry proposal Masataka Ohta
- Re: Non routable IPv6 registry proposal Michael Richardson
- Re: Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Joseph Touch
- Re: Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Nick Hilliard
- Re: Non routable IPv6 registry proposal Brian E Carpenter
- Re: Non routable IPv6 registry proposal Nick Hilliard
- Re: Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Christian Huitema
- Re: Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Christian Huitema
- Re: Non routable IPv6 registry proposal Nick Hilliard
- Re: Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Fernando Gont
- Re: Non routable IPv6 registry proposal Eliot Lear
- Re: Non routable IPv6 registry proposal Masataka Ohta
- Re: Non routable IPv6 registry proposal Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Joe Touch
- Re: Non routable IPv6 registry proposal Fernando Gont
- e2e [was: Non routable IPv6 registry proposal] Brian E Carpenter
- Re: Non routable IPv6 registry proposal Fernando Gont
- Re: Non routable IPv6 registry proposal Joe Touch
- Re: Non routable IPv6 registry proposal Fernando Gont
- Re: e2e [was: Non routable IPv6 registry proposal] Fernando Gont
- Re: Non routable IPv6 registry proposal Joel M. Halpern
- Re: e2e [was: Non routable IPv6 registry proposal] Joseph Touch
- Re: e2e [was: Non routable IPv6 registry proposal] Phillip Hallam-Baker
- Unique 128 bit identifiers. Was: Non routable IPvā¦ Phillip Hallam-Baker
- Re: Non routable IPv6 registry proposal Nico Schottelius
- Re: Non routable IPv6 registry proposal Keith Moore
- Re: Non routable IPv6 registry proposal David Farmer
- Re: Non routable IPv6 registry proposal David Farmer
- Re: Non routable IPv6 registry proposal Brian E Carpenter
- Re: Non routable IPv6 registry proposal David Farmer
- Re: Non routable IPv6 registry proposal Fred Baker
- Re: Non routable IPv6 registry proposal David Farmer
- Re: Non routable IPv6 registry proposal Brian E Carpenter
- Re: Non routable IPv6 registry proposal David Farmer
- Re: Non routable IPv6 registry proposal Bob Hinden
- Re: Non routable IPv6 registry proposal David Farmer
- Re: Non routable IPv6 registry proposal Nico Schottelius
- Re: Non routable IPv6 registry proposal Brian E Carpenter
- Re: Non routable IPv6 registry proposal Nico Schottelius
- Re: Non routable IPv6 registry proposal Bob Hinden
- Re: Non routable IPv6 registry proposal Keith Moore
- Re: Non routable IPv6 registry proposal Nick Hilliard
- Re: Non routable IPv6 registry proposal Bob Hinden
- Re: Non routable IPv6 registry proposal David Farmer
- Re: Non routable IPv6 registry proposal Nick Hilliard