IETF Logo Mail Archive

Re: [arch-d] [Int-area] Is IPv6 End-to-End? R.I.P. Architecture? (Fwd: Errata #5933 for RFC8200)

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 28 February 2020 00:21 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B60E3A09EC; Thu, 27 Feb 2020 16:21:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.395
X-Spam-Level:
X-Spam-Status: No, score=-1.395 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sq9BlNsqSwzn; Thu, 27 Feb 2020 16:21:56 -0800 (PST)
Received: from mail-ot1-f47.google.com (mail-ot1-f47.google.com [209.85.210.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D04AF3A09EE; Thu, 27 Feb 2020 16:21:55 -0800 (PST)
Received: by mail-ot1-f47.google.com with SMTP id r16so1036701otd.2; Thu, 27 Feb 2020 16:21:55 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gSix1Je2Q0HDku6KA0XkNiXjesG5r3+iNEkHOUGpkL4=; b=Fb4mtgsHdHLt8neT/Bclicu2Wcyq59d0c//D46iMU2QVwipJwgdpShVwlc+ds6/gjF FUf7MMsF/KThwz0JYMyX7nRRjKN7IJwncQxAj0rwrEam/GYjou4T/MSqv+kF/uaqtdRw SVmKT+7tpy5brFY0IQKGgJWjbItjw4nk+uqTlvB0itaAeeE/dgvpACiQ85bIMgfGw1oA G6NoPStHOtHrk0quySd+QpjZ3QgX/htxYZMwQde5YrNB7bnfmT5xrNEW/H2b0mTHIRE1 scgGPzxMK1PWAW2oBpEePQiDPYKh14ws7LzXey7pptHmkCygPrSs+1YK5DzyGcV/3G2e vR3g==
X-Gm-Message-State: APjAAAXRnAQhXgaoQWSsiaKFK2Ga6M7V+K5RzRisuh+dACp7d0FMiquf RVbnMHRlu8eacSmzS3Chcsdtl+s1rHNJYDvAp6I=
X-Google-Smtp-Source: APXvYqxBUMJcKlFspbLfW6QoiVgoDqAqJ/ynSIxRU1ixeQiVoigGpL4kUQmY8H6NLy0gG6lU+nZeEoBykNCBD0hccmM=
X-Received: by 2002:a05:6830:1305:: with SMTP id p5mr1166669otq.124.1582849315120; Thu, 27 Feb 2020 16:21:55 -0800 (PST)
MIME-Version: 1.0
References: <876c9105-3da4-e614-2db0-bea025b54663@si6networks.com> <7749f91f-03f1-cc14-bae8-5fe68c88879f@si6networks.com> <CALx6S36wN7VEi_rxLC1ETcTvkGaPhs20KhQrGWAGGTrCL5OT+g@mail.gmail.com> <CAMm+Lwg+4xMv=EKLfvmZMCgrQz31+38Fv0bYKeJ0fTB5vbXiaw@mail.gmail.com> <8d3e7b714666db00e0c05a2e06959da6@strayalpha.com>
In-Reply-To: <8d3e7b714666db00e0c05a2e06959da6@strayalpha.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 27 Feb 2020 19:21:43 -0500
Message-ID: <CAMm+LwjYeSTro_TJujtRPDfVKtVMg7JbDL6A5V3Tj447c2E7nA@mail.gmail.com>
Subject: Re: [arch-d] [Int-area] Is IPv6 End-to-End? R.I.P. Architecture? (Fwd: Errata #5933 for RFC8200)
To: Joe Touch <touch@strayalpha.com>
Cc: Tom Herbert <tom@herbertland.com>, Internet Architecture Board <iab@iab.org>, architecture-discuss@iab.org, Internet Area <int-area@ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000292c16059f97d302"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/yK4necPqt83IJ1RUOlEfST0ly94>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Feb 2020 00:21:58 -0000

On Thu, Feb 27, 2020 at 5:47 PM Joe Touch <touch@strayalpha.com> wrote:

> On 2020-02-27 14:26, Phillip Hallam-Baker wrote:
>
> On Thu, Feb 27, 2020 at 5:09 PM Tom Herbert <tom@herbertland.com> wrote:
>
>> Fernando,
>>
>> I think we need to be careful that IETF is labeled as a collection of
>> inflexible architectural purists. We know that standards conformance
>> is voluntary and we haven't seen the last time that someone, possibly
>> even a major vendor, will circumvent the system for their own
>> purposes.
>
>
> IP end to end does not mean the IP address is constant end to end. It
> never has meant that and never will.
>
>
> Actually, that's the only thing it ever meant and always will. When
> addresses change, *by definition*, the*ends* change (and yes, that's what
> NATs do - they create end-to-end CONTENT transfer over separate end-to-end
> Internets).
>

By whose definition? Not by mine.

TCP and TLS give me a reliable end-to-end stream. The fact that the IP
address is exposed is merely an unfortunate defect in the legacy APIs.

As the application layer designer, I am the customer here. I do not care
about the IP address.



> ..
> We discovered that there were good reasons for NATing IPv4 besides address
> multiplexing. The topology of my network is none of your business.
>
>
> Agreed; there's nothing that forces you to use IP addresses in a way that
> exposes your topology (you're free to build a net using host routing). That
> has nothing to do with NAT.
>
> I have not found a rationale for NATs that doesn't start and end with a
> business model where servers are charged business rates and clients are
> charged customer rates. Everything else about NATs either isn't a NAT
> property (hiding topology) or can be achieved by a stateful firewall (that
> predates NATs by a decade, e.g. that lets outgoing connections go through
> but not incoming).
>

Then you have had a remarkably sheltered upbringing.

Concealing details of the internal network structure is only common sense.



>
>
> More generally, Internet standards only apply to the Inter-net, the
> network of networks. What happens inside the networks at either end is for
> the owners of those networks to decide. If we go back to the original
> Internet design, they didn't even need to run IP. IP end to end come later.
>
>
> That's true, but then their "end" on the public Internet would be the
> firewall or NAT box at their edge.
>

There isn't a single 'end' in a protocol which is one of the reasons
end-to-end security has been done so badly. If Alice sends Bob a business
email, we have the following ends:

1) Application layer: SUBMIT Client -> SUBMIT Service, SMTP Client -> SMTP
Service, IMAP Client -> IMAP Service.
2) Message layer: Alice Email client -> Bob Email Client
3) Trust: Alice's employer <-> Bob's employer

Feel free to introduce extra ends if you like, it is irrelevant to my
concerns at the application layer.



>
>
> So let us stop being dogmatic about things that don't actually matter. The
> only job of the network layer is to get packets from one end to another.
> The only job of the transport layer is to provide reliable streams. An
> application protocol that depends on the IP address remaining constant end
> to end is a bad protocol and should be rejected.
>
>
> That's a very OSI view of protocols - about as out-dated and about as
> useful., IMO. Every layer of the stack might be involved in any function;
> anything that claims a single layer owns a single job hasn't existed since
> at least IP over IP.
>

The notion of encapsulation has been established in the object oriented
programming world for decades. The notion that the application program
should be abstracted from the transport and network layer is hardly a
controversial one.

As for OSI, I would not know as I have not made a detailed study of it. It
is not a model I find interesting as it doesn't describe the role of the
naming systems and it isn't able to describe systems like SDN and VPN which
we make use of.

v2.23.0 | Report a Bug | By Email