Re: Last Call: <draft-ietf-opsec-ipv6-implications-on-ipv4-nets-03.txt> (Security Implications of IPv6 on IPv4 Networks) to Informational RFC
Fernando Gont <fgont@si6networks.com> Wed, 03 April 2013 01:17 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 909CA21F87C5 for <ietf@ietfa.amsl.com>; Tue, 2 Apr 2013 18:17:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.153
X-Spam-Level:
X-Spam-Status: No, score=-2.153 tagged_above=-999 required=5 tests=[AWL=0.446, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6PGmw3ewA+D7 for <ietf@ietfa.amsl.com>; Tue, 2 Apr 2013 18:17:41 -0700 (PDT)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:d10:2000:e::3]) by ietfa.amsl.com (Postfix) with ESMTP id 0E0DF21E803A for <ietf@ietf.org>; Tue, 2 Apr 2013 18:17:32 -0700 (PDT)
Received: from [186.134.38.231] (helo=[192.168.123.125]) by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.80.1) (envelope-from <fgont@si6networks.com>) id 1UNCKK-0000UT-MO; Wed, 03 Apr 2013 03:17:25 +0200
Message-ID: <515B6A04.9080400@si6networks.com>
Date: Tue, 02 Apr 2013 20:30:12 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130308 Thunderbird/17.0.4
MIME-Version: 1.0
To: SM <sm@resistor.net>
Subject: Re: Last Call: <draft-ietf-opsec-ipv6-implications-on-ipv4-nets-03.txt> (Security Implications of IPv6 on IPv4 Networks) to Informational RFC
References: <20130329130326.13012.1402.idtracker@ietfa.amsl.com> <6.2.5.6.2.20130330230305.0bce91a8@resistor.net> <2671C6CDFBB59E47B64C10B3E0BD5923042CFA4019@PRVPEXVS15.corp.twcable.com> <6.2.5.6.2.20130401134936.0a5a1420@resistor.net>
In-Reply-To: <6.2.5.6.2.20130401134936.0a5a1420@resistor.net>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2013 01:17:41 -0000
On 04/01/2013 06:14 PM, SM wrote: >> with IPv6 connectivity. However, it's inappropriate to rely on >> pervasive implementation of Happy Eyeballs as the sole solution to >> prevent end host impacts, since the end user may not know that IPv6 is >> actively being disabled on this network, or that their IPv6 >> implementation is otherwise broken. This is a problem that continues >> to get worse the more dual-stack content becomes available. > > I agree with the last sentence. Happy Eyeballs is about the HTTP. > There are other applications protocols too. :-) Happy eyeballs is about HTTP. But part of the approach predates "Happy Eyeballs" -- please see RFC5461. Signaling hosts when packets are being dropped allows for a more informed decision/reaction on the host-side. Removing the AAAA records when you're not going to allow such connectivity reduces the potential problem (at the end of the day, this is kind of the whitelisting approach that has been applied to the general case by content providers -- with the caveat that in this case you positively know that such connectivity is not present). Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- Re: Last Call: <draft-ietf-opsec-ipv6-implication… Brian E Carpenter
- Re: Last Call: <draft-ietf-opsec-ipv6-implication… SM
- Re: Last Call: <draft-ietf-opsec-ipv6-implication… Fernando Gont
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-imp… Fernando Gont
- RE: Last Call: <draft-ietf-opsec-ipv6-implication… George, Wes
- Re: Last Call: <draft-ietf-opsec-ipv6-implication… SM
- RE: Last Call: <draft-ietf-opsec-ipv6-implication… SM
- Re: Last Call: <draft-ietf-opsec-ipv6-implication… Fernando Gont
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-imp… Brian E Carpenter
- Re: Last Call: <draft-ietf-opsec-ipv6-implication… Fernando Gont
- Re: Last Call: <draft-ietf-opsec-ipv6-implication… Ted Lemon
- Re: Last Call: <draft-ietf-opsec-ipv6-implication… SM
- Re: Last Call: <draft-ietf-opsec-ipv6-implication… Fernando Gont
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-imp… Fernando Gont
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-imp… Brian E Carpenter
- Re: [OPSEC] Last Call: <draft-ietf-opsec-ipv6-imp… Fernando Gont