Re: Non routable IPv6 registry proposal

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 21 January 2021 19:56 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 769A23A0B36 for <ietf@ietfa.amsl.com>; Thu, 21 Jan 2021 11:56:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.361
X-Spam-Level:
X-Spam-Status: No, score=-2.361 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8IlfPTGrLynT for <ietf@ietfa.amsl.com>; Thu, 21 Jan 2021 11:56:05 -0800 (PST)
Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5383C3A0B34 for <ietf@ietf.org>; Thu, 21 Jan 2021 11:56:05 -0800 (PST)
Received: by mail-pf1-x436.google.com with SMTP id w18so2158001pfu.9 for <ietf@ietf.org>; Thu, 21 Jan 2021 11:56:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=G+j267Hv8y5DTJtqM5sIqq52kLqK883WiwGQcZsWqIU=; b=AXRD4h6q/P7HhhNzgYHespz4G9QVuIWP1w9ORGMNheJOoL7Pvr88XXSW942b8JfoKT o5OzjiWqtuO7+VDRJJMzvIv7gQ2HZfaPnt6Alzmn1/TWoEo94xw1ghRBtiobuN+CZUPC E5ECb6y8T4a8xnHEGpv25cxqkhRGsPoYAOo+6FQ+fhS96gYfeyJJQz3PWDMLST+kBDiV coKbsA8AIjEakJVwuey7qg9EdsfVmFPv74yvOhAo3IUHUAuUbDqXXqZAqQetHpbP3TZ4 YFA5IMktbomXQosGAaYhPFW4knmFSr5sSoun7hGx1UIg0E9yFRYTwt1VywdhlVg5JTsn 5vVA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=G+j267Hv8y5DTJtqM5sIqq52kLqK883WiwGQcZsWqIU=; b=Mb2D3Vn5b7MEBJ/C+pwrhqOL/4ZfvUHHeEUSvrcNFU2K9PYPbK4KK6wSCkYtwd/Ebg /shTXsZidxBNZ2D/2VyoiYsW3krO7TEwA2upFUOAwnxUIJlXX3dQ8mu//tzNawpJ0vWn mxNmEknyG+fLwWrSQk+4AZD9O+al9We6GrT8ZApXtCVuxmQzPJX7dAVliWLuL3EKn377 5SjGY35dTkaXm3f/sT4JlPQJhQqpFLaR0HZAqqrIV2xhodV1YVHmQ68UUFrSoHBT+nD8 guzt93Cc3039ArARlssO8myRah8U9SkAUcnkv/zxr4InXa+dgOJjauN/HDvUdsGqbvYt DCIg==
X-Gm-Message-State: AOAM531ywnsNsHVanfKbLnCS1xtnWFVNzkqbeVEkiqluERcgghJo2xRO mJ51hZha864e4pTmMGnzF7CDDF9VhZxGJw==
X-Google-Smtp-Source: ABdhPJxVZNpAL7nvqlgGCSsTOLk5k8AFYNtkMfROUknXYkis6HQ3k/KmYMBDMLTufRZznLUGO4ZUWA==
X-Received: by 2002:a62:bd05:0:b029:1ab:6d2:5edf with SMTP id a5-20020a62bd050000b02901ab06d25edfmr1100004pff.32.1611258964415; Thu, 21 Jan 2021 11:56:04 -0800 (PST)
Received: from [192.168.178.20] ([151.210.131.28]) by smtp.gmail.com with ESMTPSA id x125sm6091509pgb.35.2021.01.21.11.56.02 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 21 Jan 2021 11:56:03 -0800 (PST)
Subject: Re: Non routable IPv6 registry proposal
To: Phillip Hallam-Baker <phill@hallambaker.com>, Michael Richardson <mcr+ietf@sandelman.ca>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
References: <CAMm+LwjNiE0P7RAVqzKMypNbh3=9BeqiWn_hGv3E=zX7-YmSXQ@mail.gmail.com> <72F969A9-AF94-47B6-B48C-B3CD4D9A7C72@strayalpha.com> <7cc9e38c-5a00-ec59-a8c2-10503cc40d50@si6networks.com> <CB1A6DF0-8CDD-495D-9F7B-80BF72F08C1E@strayalpha.com> <CAMm+LwjU2SQeydRJ7zcDORz+1-z634OCe34HMKTKHiQvg+4M7w@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <00a9feed-5e48-05de-b3ee-27d9a98c6be1@gmail.com>
Date: Fri, 22 Jan 2021 08:56:01 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <CAMm+LwjU2SQeydRJ7zcDORz+1-z634OCe34HMKTKHiQvg+4M7w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/4qYa6BD04JY5YG78BrpTEZPjAoE>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2021 19:56:07 -0000

Putting two things together:
On 22-Jan-21 07:57, Phillip Hallam-Baker wrote:
...
> A ULA->Public key registry provides exactly the right degree of incentive. It allows us to take an area that is currently flaky as heck and make it 'just work'. That area is VPN access.

Yes, but afaik you (or I) can't claim ownership of random numbers. So if my ULA prefix is fd63:45eb:dc14::/48 and I provide a public key for it, what's to stop you using the same prefix and providing your own public key for it?

On 22-Jan-21 01:20, Michael Richardson wrote:

> Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>     >> While ULAs and privacy enhanced addresses have important uses for
>     >> individual privacy, when it comes to non-moving business/enterprise
>     >> infrastructure, audit and accountability is much more important, and
>     >> ULA-R does not satisfy that.
> 
>     > How is that problem solved today for RFC 1918 addresses?
> 
> It's not.

If ULA usage is validated by a public key, that might appear to support audit and accountability, but only if there's a third-party guarantee of uniqueness. I think Michael has an important point here. A self-assigned ULA prefix has no more legal significance than a Net 10 address.

Regards
    Brian