Re: Last Call: <draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03.txt> (IPv6 AAAA DNS Whitelisting Implications) to Informational RFC
Pekka Savola <pekkas@netcore.fi> Tue, 26 April 2011 09:51 UTC
Return-Path: <pekkas@netcore.fi>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F001E06B2; Tue, 26 Apr 2011 02:51:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6GC5sDMnIG2H; Tue, 26 Apr 2011 02:51:17 -0700 (PDT)
Received: from netcore.fi (eunet-gw.ipv6.netcore.fi [IPv6:2001:670:86:3001::1]) by ietfa.amsl.com (Postfix) with ESMTP id BA583E06B1; Tue, 26 Apr 2011 02:51:16 -0700 (PDT)
Received: from netcore.fi (localhost [127.0.0.1]) by netcore.fi (8.13.8/8.13.8) with ESMTP id p3Q9p6pl023739 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 26 Apr 2011 12:51:06 +0300
Received: from localhost (pekkas@localhost) by netcore.fi (8.13.8/8.13.8/Submit) with ESMTP id p3Q9p5i1023735; Tue, 26 Apr 2011 12:51:06 +0300
Date: Tue, 26 Apr 2011 12:51:05 +0300
From: Pekka Savola <pekkas@netcore.fi>
To: ietf@ietf.org
Subject: Re: Last Call: <draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03.txt> (IPv6 AAAA DNS Whitelisting Implications) to Informational RFC
In-Reply-To: <20110415205113.13704.48681.idtracker@ietfc.amsl.com>
Message-ID: <alpine.LRH.2.02.1104261249510.23669@netcore.fi>
References: <20110415205113.13704.48681.idtracker@ietfc.amsl.com>
User-Agent: Alpine 2.02 (LRH 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Virus-Scanned: clamav-milter 0.97 at otso.netcore.fi
X-Virus-Status: Clean
Cc: v6ops@ietf.org, v6ops-chairs@tools.ietf.org, draft-ietf-v6ops-v6-aaaa-whitelisting-implications@tools.ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2011 09:51:18 -0000
On Fri, 15 Apr 2011, The IESG wrote: > The IESG has received a request from the IPv6 Operations WG (v6ops) to > consider the following document: > - 'IPv6 AAAA DNS Whitelisting Implications' > <draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03.txt> as an > Informational RFC This is an ops-dir review of draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03. The document is readable and could be published as-is. I share some of the concerns already expressed in the document, but I think the doc strikes a reasonable balance between the concerns and practical points. One bigger comment: ------------------- Section 6 on deployment scenarios seems too black and white: either it is done ad-hoc or (completely) universally. The latter is unfeasible. The document should cover a middle ground which is already discussed in [NW-Article-DNS-WL], i.e., one or more whitelisting information providers would be used by multiple content networks. This has many benefits compared to completely ad-hoc model, and is feasible compared to universal model. The "universal deployment model" proposition has created ripples throughout the document (one such place is S 7.3.7), and I think the document might have been clearer if that was taken out completely -- or at least, issues related to each deployment model would be more clearly separated. ...... 8.3.1. Solving Current End User IPv6 Impairments ... One challenge with this option is the potential difficulty of motivating members of the Internet community to work collectively towards this goal, sharing the labor, time, and costs related to such an effort. Of course, since just such a community effort is now underway for IPv6, it is possible that this would call for only a moderate amount of additional work. ... I would observe that ad-hoc whitelisting is already requiring a lot of work from each of whitelisting providers. Would this require more than that? If the alternative is to do nothing (no whitelisting, no user impairment notification) that is clear the winner from the selfish POV. But if the choice is between whitelisting and alerting, I don't see much difference between the two. Both could benefit from joint activities, but both can also be operated in an ad-hoc fashion. editorial: ---------- 7.3.7. Additional Implications If Deployed On An Ad Hoc Basis Additional implications, should this be deployed on an ad hoc basis, could include scalability problems relating to operational processes, monitoring, and ACL updates. ... this could be read to imply that S 7.3.1-6 would be applicable to universal deployment. This is not what is meant. Maybe clarify somewhat like as follows: Previous subsections described implications that apply to both ad-hoc and universal deployment models. Some additional implications are specific to ad-hoc deployment models, namely ... S 7.5 governmental, and/or cultural conflicts, given the new control point which has be established with DNS whitelisting. For example, in one s/be/been/ [IPv6 Brokenness] Anderson, T., "Measuring and Combating IPv6 Brokenness", Reseaux IP Europeens (RIPE) 61st Meeting, November 2011, <http://ripe61.ripe.net/presentations/162-ripe61.pdf>. s/2011/2010/
- Re: Last Call: <draft-ietf-v6ops-v6-aaaa-whitelis… Bernard Aboba
- Re: Last Call: <draft-ietf-v6ops-v6-aaaa-whitelis… SM
- Re: Last Call: <draft-ietf-v6ops-v6-aaaa-whitelis… Pekka Savola
- Re: Last Call: <draft-ietf-v6ops-v6-aaaa-whitelis… Livingood, Jason
- Re: Last Call: <draft-ietf-v6ops-v6-aaaa-whitelis… Livingood, Jason