Re: Accurate history [Re: "professional" in an IETF context]

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 05 November 2021 20:13 UTC

Subject: Re: Accurate history [Re: "professional" in an IETF context]
To: Stewart Bryant <stewart.bryant@gmail.com>, Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: IETF <ietf@ietf.org>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <23408009-7933-d1ed-6347-13092ee3abc9@gmail.com>
Date: Sat, 06 Nov 2021 09:13:06 +1300
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/wwHBkPKafhwBhlZ_MnC_XCZsVKM>

On 06-Nov-21 01:09, Stewart Bryant wrote:
> 
> 
>> On 5 Nov 2021, at 11:10, Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
>>
>> What is important: Enterprises have no clear sign of IPv6 adoption.
>> ND protocol has a heavy influence on this.
>> Of course, ND is not the only reason. But maybe the biggest one.
> 
> Indeed, and I have had a consistent complaint from a British security-conscious large private-sector technology-savvy company, that IPv6 is so much harder to secure than IPv4 they have no interest in moving. I think that part of this is the conflict between the privacy that IPv6 offers and their need to know that *every* packet on their network is entitled to be there doing what it is doing.


You can administratively disable "privacy" (temporary) addresses, but most sites find it safer to perform access control based on MAC addresses. Temporary addresses are intended to confuse the outside world, not the local network operator. They are *intended* to make lawful intercept harder. That's a feature, not a bug. I agree that they also make debugging harder, which may be another reason to disable them.

Complaining about ND seems odd if sites tolerate ARP. Anybody else remember ARP storms? ND was designed to avoid that risk.

All these are FUD arguments used in support of operational inertia.

     Brian