Re: Non routable IPv6 registry proposal

Phillip Hallam-Baker <> Thu, 21 January 2021 16:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E6A8A3A1241 for <>; Thu, 21 Jan 2021 08:00:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id iBCNAp6Sv02F for <>; Thu, 21 Jan 2021 08:00:28 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2A8EC3A124E for <>; Thu, 21 Jan 2021 08:00:27 -0800 (PST)
Received: by with SMTP id w24so2495360ybi.7 for <>; Thu, 21 Jan 2021 08:00:27 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=67QRaalqEUIZ/gBvEu/iQYLILag9y9nEpW5j5xTiOh8=; b=m/KqUBR83nz1JHKAcCkNIV+nHsvEDOUF/BA9R+/Gad0IdviwIAFIwr2R6psoDr2l4N QXIDiA/ftbg1scm1jUqRAubHcDjfEGWji7AriMOPbMTJyZC/kx5GzluJ2KySBmVHB22a FrfDR45Geg65/gughHOE1O5V9rA/b/+PT4dsqSgMTZ6L7NtSLZ+uKqtf3jD9RuNpbfzY 7WLke8Fu/iVoPAConCL5GcZZffY99Spo0wFjhO9w4R6KtUJiFTtpRsZkht5a7OqJZQ+X 5j1K9PHZSjACwZtfAks+cAZZXJakeKpSrJhq4RTa0+duwjFuJhAGs27kS9VgM3ZQDs6D z3ag==
X-Gm-Message-State: AOAM531WdsDU45zHBzo8fuss7AALuQqGJFPY8L1bkfzskKeaCADamsec fy0vwHhZnc6YNP5I/r1QHdaLkmIV121y+UWPJfQ=
X-Google-Smtp-Source: ABdhPJweN9U/GF3HQ/r99WKumYNi8LikSyLZjH53BM4Jbd6bhTYOcQDaXTd8miKy+gBd3MgHUGlcmLNKu/Bhh8SkESI=
X-Received: by 2002:a25:bc44:: with SMTP id d4mr21173124ybk.522.1611244826225; Thu, 21 Jan 2021 08:00:26 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <> <> <> <>
In-Reply-To: <>
From: Phillip Hallam-Baker <>
Date: Thu, 21 Jan 2021 11:00:15 -0500
Message-ID: <>
Subject: Re: Non routable IPv6 registry proposal
To: Nick Hilliard <>
Cc: Brian E Carpenter <>, IETF Discussion Mailing List <>
Content-Type: multipart/alternative; boundary="000000000000836f4905b96b2b1b"
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 21 Jan 2021 16:00:30 -0000

On Thu, Jan 21, 2021 at 5:14 AM Nick Hilliard <> wrote:

> Phillip Hallam-Baker wrote on 21/01/2021 01:57:
> > People make waaaay too much out of the risks of running registries
> Yep they certainly do, until there's a registry failure, or even the
> threat of one. At that point, people often execute dramatic u-turns in
> their opinion, depending on how important the registry's function was to
> them.
> Nick

Has there ever been a proper consideration of the abstract security
concerns for a registry?

I rather suspect the closest we get is Warwick Ford et. al. writing the
Certificate Policy Statement RFC in PKIX which was largely based on Michael
Baum's practice statement for VRSN class 3. That is rather heavily PKI
focused and it is all based on a Kohnfelder PKI architecture and 1980s PKI

Perhaps we should ask how registries can go wrong. Or maybe we should ask
the IAB to consider this.I can think of a few problems:

* Duplicate registrations
* Unauthorized registration modification
* Unpublished registrations
* Inappropriate semantic mapping

* Rent seeking
* Denial of service
* Coercion by government

What gets wrapped round the axle in DNS space is of course the semantic
mapping issues. DNS names have an obvious interpretation. There is the
natural assumption arrives at Microsoft Inc. Failure to
achieve that mapping correctly is actually a serious safety and security
issue as they provide the most popular desktop operating system. That is a
very complex issue and I am not in the least impressed by the way ICANN has
approached it.

ULAs are free of semantic binding, or at least the ones I propose to issue
will be.

OK so there is one 'risk' that perhaps should be mentioned openly because
it is likely the one of most concern to people, 'what are the unexpected
uses of these addresses' or 'what else is PHB planning he is not telling us

Well I really wished I knew myself because I can see several possibilities
but they are still a bit on the fuzzy side. I think I am going to have to
build a prototype before I can start to get a handle on those. But it is my
experience that getting the addressing right is the key to solving any
network protocol issue. URIs made the Web.

The registry concern that is rarely considered in IETF is what happens if
there is no registry? There are two possibilities:

1) Innovation is put on hold until the registry is created.
2) People just create their own code points

The second has occurred on countless occasions and sometimes between really
big companies. Every hard drive has a unique identifier which is actually
in the MAC address space. After asking nicely and getting the run-around,
the drive makers just allocated themselves 1/16th of the total MAC address