IETF Logo Mail Archive

Re: [Int-area] [arch-d] Is IPv6 End-to-End? R.I.P. Architecture? (Fwd: Errata #5933 for RFC8200)

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 28 February 2020 13:32 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E6803A180C; Fri, 28 Feb 2020 05:32:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.398
X-Spam-Level:
X-Spam-Status: No, score=-1.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gBCk5zwdY1K8; Fri, 28 Feb 2020 05:32:08 -0800 (PST)
Received: from mail-oi1-f169.google.com (mail-oi1-f169.google.com [209.85.167.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B711A3A180B; Fri, 28 Feb 2020 05:32:07 -0800 (PST)
Received: by mail-oi1-f169.google.com with SMTP id d62so2799164oia.11; Fri, 28 Feb 2020 05:32:07 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LrjM6SvH0asz17Wmj/mbfchzddYXf9LWg9KhAWOzBLc=; b=W8wjeW/68R97zAqsK7yDSpo9gQCmwdKvtpYiyUo0uT4PiI1A2xVtOGY2o6F57/Jfza cIGaJj/edexNLcUE+6R/bcqe3aptoKJWtOj/xV73mEV0POYFdfDBV89T0LePR6UnsPJ7 S/Cpo/moWmR9w0Qp/Orkm568WyYcU8A8AKJoPB0JQ6IgffIVeO0sjEGdhbPcnrcTYDcN 7HoQ6LruZ7jkvfm1XwOocfpMoZkh1e/B25gkOVkA/on+dpt03Uvg3EBbfrzPA4zO+xzj wZNXCBE4mezWWs3W3IwsQTb1erJyQgssieH43+kLsdtzFxnK3/HpBKKkKxCn6nBHg2Nc uGWg==
X-Gm-Message-State: APjAAAUKU9W0P+l82M81wOpcnTyab076IilSkayhudjYhUXZFPZ+ldWb X8OgX0qiR31Mup8AQDdl/+NntQ71F8nIdLLdcupwlBhiNVo=
X-Google-Smtp-Source: APXvYqxJFbIWZq3IUws94GGqnUFuRfPN0FM9hKHcDKT51WZlsMjS/zzTQVyZD8K9S817HXWWBfowM9CD9n43RB75V4Q=
X-Received: by 2002:aca:cf94:: with SMTP id f142mr3042599oig.31.1582896726892; Fri, 28 Feb 2020 05:32:06 -0800 (PST)
MIME-Version: 1.0
References: <876c9105-3da4-e614-2db0-bea025b54663@si6networks.com> <7749f91f-03f1-cc14-bae8-5fe68c88879f@si6networks.com> <CALx6S36wN7VEi_rxLC1ETcTvkGaPhs20KhQrGWAGGTrCL5OT+g@mail.gmail.com> <CAMm+Lwg+4xMv=EKLfvmZMCgrQz31+38Fv0bYKeJ0fTB5vbXiaw@mail.gmail.com> <8d3e7b714666db00e0c05a2e06959da6@strayalpha.com> <CAMm+LwjYeSTro_TJujtRPDfVKtVMg7JbDL6A5V3Tj447c2E7nA@mail.gmail.com> <74763844-FA56-43DC-981E-E366E2C24758@strayalpha.com>
In-Reply-To: <74763844-FA56-43DC-981E-E366E2C24758@strayalpha.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 28 Feb 2020 08:31:55 -0500
Message-ID: <CAMm+LwjeWXUmOEzvbUhrG1H8OMqG9EhcF3TzdZBA61LnySSPqw@mail.gmail.com>
To: Joseph Touch <touch@strayalpha.com>
Cc: Tom Herbert <tom@herbertland.com>, Internet Architecture Board <iab@iab.org>, architecture-discuss@iab.org, Internet Area <int-area@ietf.org>, IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001f647e059fa2ddf3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/-gpuVumW743bmP__P2Qhod5MuqA>
Subject: Re: [Int-area] [arch-d] Is IPv6 End-to-End? R.I.P. Architecture? (Fwd: Errata #5933 for RFC8200)
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Feb 2020 13:32:10 -0000

On Thu, Feb 27, 2020 at 11:36 PM Joseph Touch <touch@strayalpha.com> wrote:

>
>
> On Feb 27, 2020, at 4:21 PM, Phillip Hallam-Baker <phill@hallambaker.com>
> wrote:
>
> IP end to end does not mean the IP address is constant end to end. It
>> never has meant that and never will.
>>
>>
>> Actually, that's the only thing it ever meant and always will. When
>> addresses change, *by definition*, the*ends* change (and yes, that's what
>> NATs do - they create end-to-end CONTENT transfer over separate end-to-end
>> Internets).
>>
>
> By whose definition? Not by mine.
>
>
> I’d start with RFCs 791 and 1122, but there’s also the pseudo header in
> RFC 793, to be very specific.
>
> TCP and TLS give me a reliable end-to-end stream. The fact that the IP
> address is exposed is merely an unfortunate defect in the legacy APIs.
>
> As the application layer designer, I am the customer here. I do not care
> about the IP address.
>
>
> Hmmm. By what value do you call  TCP endpoint?
>
> You must have magic sockets that don’t actually refer to IP addresses.
>

I have a library that implements RFC6763. So my application code doesn't
actually consider IP addresses.

Since the platform doesn't provide real DNS resolution, I have to write my
own of course. And I will be putting DNSSEC in there at some point
probably. But it is a feature set that should be in the platform.

At some point, I am going to have to look at implementing TURN/STUN/PCP
etc. for NAT traversal. That certainly isn't application layer code.

So as far as i am concerned, I am resolving a triple of SRV prefix, DNS
name and account name to a socket.

The only case in which my application code would deal in a raw IP address
and port is if the resolution is delegated to an external presence service.
If Alice is trying to make a person-person call to Bob, we may want to
route the packets direct. So there has to be some sort of presence service
in the cloud to set up the connection which is going to end up telling one
of them to place a call for an IP address/port and the other of them to
listen for the incoming.


The test of this design is straightforward, all the proposals for DNS
privacy etc. sit inside the library. I can drop out regular client DNS for
DPRIV. Or I can use my omnibroker version which makes use of the RFC6763
interface.

Abstracting away from TLS and UDP means I can adapt to new transports like
QUIC very easily. For certain types of message, I have my own UDP based
transport. Most cryptographic service transactions consist of a single
request packet followed by one to a dozen response packets. That sits in
the same box.


It really isn't 'magic', it is just understanding that this is platform
code not application code.

We do not have 'layers' in the Internet architecture but we have modules
that we call layers. And those layers have interfaces to the layers above
and beneath them that are mediated by a naming infrastructure. And we
should be really explicit about what those interfaces are because they have
to be stable over long periods of time.

v2.23.0 | Report a Bug | By Email