Re: Last Call: <draft-ietf-opsec-ipv6-implications-on-ipv4-nets-03.txt> (Security Implications of IPv6 on IPv4 Networks) to Informational RFC

Fernando Gont <fgont@si6networks.com> Wed, 03 April 2013 01:17 UTC

On 04/01/2013 06:14 PM, SM wrote:
>> with IPv6 connectivity. However, it's inappropriate to rely on
>> pervasive implementation of Happy Eyeballs as the sole solution to
>> prevent end host impacts, since the end user may not know that IPv6 is
>> actively being disabled on this network, or that their IPv6
>> implementation is otherwise broken. This is a problem that continues
>> to get worse the more dual-stack content becomes available.
> 
> I agree with the last sentence.  Happy Eyeballs is about HTTP.
> There are other application protocols too. :-)

Happy Eyeballs is about HTTP. But part of the approach predates "Happy
Eyeballs" -- please see RFC5461.

Signaling hosts when packets are being dropped allows for a more
informed decision/reaction on the host-side.

Removing the AAAA records when you're not going to allow such
connectivity reduces the potential problem (at the end of the day, this
is kind of the whitelisting approach that has been applied to the
general case by content providers -- with the caveat that in this case
you positively know that such connectivity is not present).

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492