IETF Logo Mail Archive

Re: RESENDING - Incremental Deployment of IPv6-only Wi-Fi for IETF Meetings

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Sat, 29 July 2017 16:53 UTC

Return-Path: <prvs=13836d3557=jordi.palet@consulintel.es>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2C911317B1 for <ietf@ietfa.amsl.com>; Sat, 29 Jul 2017 09:53:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.099
X-Spam-Level:
X-Spam-Status: No, score=-0.099 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es; domainkeys=pass (1024-bit key) header.from=jordi.palet@consulintel.es header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yY6I9b94bwOi for <ietf@ietfa.amsl.com>; Sat, 29 Jul 2017 09:53:16 -0700 (PDT)
Received: from mail.consulintel.es (mail.consulintel.es [217.126.185.215]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A9531276AF for <ietf@ietf.org>; Sat, 29 Jul 2017 09:53:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1501347194; x=1501951994; q=dns/txt; h=DomainKey-Signature: Received:User-Agent:Date:Subject:From:To:Message-ID:Thread-Topic: References:In-Reply-To:Mime-version:Content-type: Content-transfer-encoding:Reply-To; bh=sfKJu0nACHP7lfy7WrUC8fIc3 wpIJkjIAa3cTLvUdZ0=; b=iFAMo8tdwMXG9CTMYsYwQqA9MAWwbUNeOyNb7Zl/D DYEl7hrKtmn9kk+M1PfiEKMB8mhmS2GXgvkotDgAIWf3h7+qAeuGtgItvy/A3jYD XBuCMkCHNcrtDLMTdVkxaI40WvSggAsIHwgC5MO6Z4U9oolxQpET4uJGLZ3j06cn kA=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=consulintel.es; c=simple; q=dns; h=from:message-id; b=Talhpm327pH2d3+E5xXGthnyMIk0TM0dcuhQpi+qxAaZmJRkpRIBsgs/REmw GgE3pMsP1DUu7V7ZyQ+umuLcQP++I/sdhSgFvCZLolqw70gvMcLfNrjKg iMGXDvUVVfnfxODPNksmoR/ROqfFSsUf5g6o34yRmN8Os8wwjk3i1s=;
X-MDAV-Processed: mail.consulintel.es, Sat, 29 Jul 2017 18:53:14 +0200
X-Spam-Processed: mail.consulintel.es, Sat, 29 Jul 2017 18:53:10 +0200
Received: from [10.10.10.133] by mail.consulintel.es (MDaemon PRO v11.0.3) with ESMTP id md50005489867.msg for <ietf@ietf.org>; Sat, 29 Jul 2017 18:53:09 +0200
X-MDOP-RefID: re=0.000,fgs=0 (_st=1 _vt=0 _iwf=0)
X-Authenticated-Sender: jordi.palet@consulintel.es
X-HashCash: 1:20:170729:md50005489867::vFIPnIMMOQM8UMy8:000010lM
X-Return-Path: prvs=13836d3557=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: ietf@ietf.org
User-Agent: Microsoft-MacOutlook/f.24.1.170721
Date: Sat, 29 Jul 2017 18:53:08 +0200
Subject: Re: RESENDING - Incremental Deployment of IPv6-only Wi-Fi for IETF Meetings
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: "ietf@ietf.org" <ietf@ietf.org>
Message-ID: <F9259043-6373-4AD0-ADE2-AFE6709E449B@consulintel.es>
Thread-Topic: RESENDING - Incremental Deployment of IPv6-only Wi-Fi for IETF Meetings
References: <93C56C4E-8915-4116-B56D-2D623978FF55@cable.comcast.com> <CABcZeBPXC6w5UUee+O4vxsgS7UnKTGMTO=hu2CM+Au0pk4-h=g@mail.gmail.com> <3ECA0AA9-CC0D-420F-97AE-5AD81C81FE7F@fugue.com> <CABcZeBMYaYHrgnfm+7y9MKVXDAXfZk6n=1rCVdCDZUBzS2GanQ@mail.gmail.com> <0F3E8AF3-4302-406A-84D8-37402D14237B@fugue.com> <0CC96AE9-832A-47DB-96A9-5E5DF67B0BA3@vpnc.org> <CAPt1N1=8tUWLg03zj_uktUiDyb5f7f9BFmjknDn0H3HTqxEHpw@mail.gmail.com> <5cf24919-225e-d1f7-fd02-f9d7ba12a472@cs.tcd.ie> <CAL02cgTkR56TWfThZ+iSLYkuFXm0Rf561ukKfefKne9ycJB6=w@mail.gmail.com>
In-Reply-To: <CAL02cgTkR56TWfThZ+iSLYkuFXm0Rf561ukKfefKne9ycJB6=w@mail.gmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Reply-To: jordi.palet@consulintel.es
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/mJfFzGFM8XfV6_Dq6ajTZIy7a_k>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Jul 2017 16:53:19 -0000

+1

Exactly: despite how much I’m pro-IPv6 and not suspicious of being against it, and I agree we should try our own dogfood, I fully agree we MUST not force all the IETF participants to try it, as we aren’t the Debugging Task Force, unless we change our principles and clearly state that the IETF network must be considered experimental and in equal conditions for ANYONE willing to experiment on it, despite breaking anything for the rest.

Furthermore:
1) Even if we discover 100 of apps that get broken because the “IPv6-only” network, are we the Internet police or do we have a way to tell those apps developers to do it right?
2) If that’s the case, WHO is going to take the work for notifying the vendors/developers of those apps and making sure that they actually solve the problems?
3) We have a major problem here. We don’t have a real definition of what it means IPv6-only. If we believe that the world will run IPv6-only in the near 3-5 years, we are probably wrong, because we don’t have the power to make it happen. I agree we are turning into an IPv6-only access networks world, but we will keep LANs with dual-stack (with private IPv4 addresses and some transition mechanism in the access router) until 80% of the app developers are done and we can then start considering getting rid-off IPv4 at 100%.

If anyone is interesting in contributing to clarifying the concept of IPv6-only, please, comment in v6ops (pvt is ok too) about:

https://datatracker.ietf.org/doc/draft-palet-ietf-v6ops-ipv6-only/

Regards,
Jordi
 

-----Mensaje original-----
De: ietf <ietf-bounces@ietf.org> en nombre de Richard Barnes <rlb@ipv.sx>
Responder a: <rlb@ipv.sx>
Fecha: sábado, 29 de julio de 2017, 18:31
Para: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: "draft-jjmb-v6ops-ietf-ipv6-only-incremental@ietf.org" <draft-jjmb-v6ops-ietf-ipv6-only-incremental@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, "ietf@ietf.org" <ietf@ietf.org>
Asunto: Re: RESENDING - Incremental Deployment of IPv6-only Wi-Fi for IETF Meetings

    This is not the Internet Debugging Task Force.  People come to IETF meetings to get work done, not to debug operational issues.  
    
    
    Of course people should be doing research on operational impacts of the protocols being developed, bringing the results of that research to the relevant WGs, and adapting protocols to deal with them.  The TLS 1.3 work has gone through this cycle several times.
    
    However, just like the TLS 1.3 experimentation was not done on production servers that were meant for doing actual work, neither is the IETF network the right place to be discovering protocol issues.  If people want to opt in, fine, but let's not make it the default.
    
    
    
    
    
    On Sat, Jul 29, 2017 at 11:51 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
    
    
    
    On 29/07/17 16:19, Ted Lemon wrote:
    > The IETF is in the business of designing new networking protocols.   If we
    > are so allergic to dogfood that we can't even tolerate it for a week at a
    > time three times a year, when there is an easy way to opt out, I think we
    > ought to just stop spending millions of tons of carbon every year flying to
    > these stupid meetings and go grow turnips or something.
    
    - I quite like the occasional turnip, but hate the idea of
    having to grow the feckers:-)
    
    - I'm also fine with dogfood, e.g the DPRIVE test last time
    worked just fine for me - even though I had to switch DNS stuff
    about when switching from ietf-hotel to gsm, I was ok with that
    as it was an opt-in and I'd opted-in.
    
    - I don't like the sound of the query logging in section 3.1
    of the draft, but am confident that the NOC folks wouldn't do
    something bad there. It'd still be good to see that properly
    described before any switch over, esp if as a default, as I
    guess the draft is really aimed at a bigger audience who may
    not be as clueful about privacy as our NOC team.
    
    - I have no clue if Ubuntu supports this now - section 4.2
    of the draft doesn't fill me with confidence, and I'm puzzled
    as to how the draft figures ssh will continue to work "without
    incident" given known_hosts has v4 addresses. And opting-in
    here will change the state of known_hosts I guess in a way
    that might in principle lead to attacks (that said I've not
    checked what ssh clients know about dns64/nat64).
    
    The above "corner cases", (not that I agree they are:-), the
    DNSSEC stuff already mentioned together and Randy's figures
    imply to me that this isn't yet ready to be a default, and
    ought remain an opt-in.
    
    I might try it out next time though.
    
    One other note: if there were a perceived benefit for the folks
    opting-in that'd help your cause I think. "You can help us all
    make this better" is not a sufficiently direct benefit to attract
    that many dogfood eaters IMO.
    
    Cheers,
    S.
    
    
    
    
    
    
    
    
    
    
    
    
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.

v2.23.0 | Report a Bug | By Email