IETF Logo Mail Archive

Re: [Int-area] Is IPv6 End-to-End? R.I.P. Architecture? (Fwd: Errata #5933 for RFC8200)

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 28 February 2020 00:27 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E38743A0A0D; Thu, 27 Feb 2020 16:27:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.395
X-Spam-Level:
X-Spam-Status: No, score=-1.395 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U7KiLbfJ_Jn5; Thu, 27 Feb 2020 16:27:54 -0800 (PST)
Received: from mail-ot1-f46.google.com (mail-ot1-f46.google.com [209.85.210.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEEDD3A0A11; Thu, 27 Feb 2020 16:27:54 -0800 (PST)
Received: by mail-ot1-f46.google.com with SMTP id h9so993814otj.11; Thu, 27 Feb 2020 16:27:54 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=I7EJiQgN10DRsEZihzbK4/8wIKUvJXpq/NcQY7yOPm8=; b=ZdWyUPsxhdjHRAvTQi/7yxl6ahMLmqMrHS2aan7+ZcRF1oXH+gHCYiGGaqBiKUdz9T t0WEKljtP8IKELqtIZkygOV7PHS50OacG0DIoosTIb54+/pMFr8L2sh+Cl0IN1Wee3WC Fn03t7Z6wZgng7PFY0lZdvLtH82Im4HeLBgnk84t2JONycZaZzU5X6WsDm2QKKR1k0jp /sXdQp2yeO5j0f48DB2EWsD4QjIYWUhoC43Fv22djA4H82vbyk1csb3PAQ+owY2y9QLi MXdWmk0P5sDzQzQTRrVvZvueU0OyGiKuWadAt6o+H8Gu59GlApBGgPl7xz0hqx9/FHF0 bgeA==
X-Gm-Message-State: APjAAAX6fJnW+efYrxatdD3hXjvFTtIsqJrDxAZT6w1Aer9XRdlKAnPm dR4l13yPE8hIo1Ol4kHKEhSXsZ/4TTKLwu2aFLk=
X-Google-Smtp-Source: APXvYqy94Szh5ibyPFdBR0boturKsH4XJ2TOQFFt+ethUyiquKeIaR82xdYUA+SzeUF0P25nx1T2Gwa1OaJGFzE1ouU=
X-Received: by 2002:a05:6830:154a:: with SMTP id l10mr1276285otp.44.1582849673998; Thu, 27 Feb 2020 16:27:53 -0800 (PST)
MIME-Version: 1.0
References: <876c9105-3da4-e614-2db0-bea025b54663@si6networks.com> <7749f91f-03f1-cc14-bae8-5fe68c88879f@si6networks.com> <CALx6S36wN7VEi_rxLC1ETcTvkGaPhs20KhQrGWAGGTrCL5OT+g@mail.gmail.com> <CAMm+Lwg+4xMv=EKLfvmZMCgrQz31+38Fv0bYKeJ0fTB5vbXiaw@mail.gmail.com> <CALx6S36QNm4fjWMefCr2qOPvm3QwnFmj__Sqdu3NrDMNepXYQg@mail.gmail.com>
In-Reply-To: <CALx6S36QNm4fjWMefCr2qOPvm3QwnFmj__Sqdu3NrDMNepXYQg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 27 Feb 2020 19:27:41 -0500
Message-ID: <CAMm+LwhMxUBZ-OUHVX5JgYWYbdj-fzhkqPa310uvEkBfNk3LLA@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
Cc: Fernando Gont <fgont@si6networks.com>, architecture-discuss@iab.org, Internet Architecture Board <iab@iab.org>, Internet Area <int-area@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008d348d059f97e816"
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/huTNJM_dcQ0xoVdbWApsNUmSGwA>
Subject: Re: [Int-area] Is IPv6 End-to-End? R.I.P. Architecture? (Fwd: Errata #5933 for RFC8200)
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Feb 2020 00:27:56 -0000

On Thu, Feb 27, 2020 at 5:44 PM Tom Herbert <tom@herbertland.com> wrote:

>
>
> On Thu, Feb 27, 2020, 2:26 PM Phillip Hallam-Baker <phill@hallambaker.com>
> wrote:
>
>> On Thu, Feb 27, 2020 at 5:09 PM Tom Herbert <tom@herbertland.com> wrote:
>>
>>> Fernando,
>>>
>>> I think we need to be careful that IETF is labeled as a collection of
>>> inflexible architectural purists. We know that standards conformance
>>> is voluntary and we haven't seen the last time that someone, possibly
>>> even a major vendor, will circumvent the system for their own
>>> purposes.
>>>
>>
>> IP end to end does not mean the IP address is constant end to end. It
>> never has meant that and never will. An IP address is merely a piece of
>> data that allows a packet to reach its destination. There is no reason to
>> insist on it remaining constant along the path.
>>
>> The sooner people get over that fact the better.
>>
>> If an IPv4 device interacts with an IPv6 device, there will be address
>> translation going on somewhere along the path. That is inevitable.
>>
>> We discovered that there were good reasons for NATing IPv4 besides
>> address multiplexing. The topology of my network is none of your business.
>>
>> More generally, Internet standards only apply to the Inter-net, the
>> network of networks. What happens inside the networks at either end is for
>> the owners of those networks to decide. If we go back to the original
>> Internet design, they didn't even need to run IP. IP end to end come later.
>>
>> So let us stop being dogmatic about things that don't actually matter.
>> The only job of the network layer is to get packets from one end to
>> another. The only job of the transport layer is to provide reliable
>> streams. An application protocol that depends on the IP address remaining
>> constant end to end is a bad protocol and should be rejected.
>>
>
> So Authentication Header and any other sort of Inetwork layer
> authentication are bad protocols that should be rejected?
>

The IPSEC authentication header is a complete failure of design. It is the
reason IPSEC doesn't work in the real world and has been replaced by SSH.

Stuff that doesn't work in the real world is just bad and should be
rejected. I remember the security ADs of the time smirking as they said
IPSEC not working with NAT represented a feature, not a bug. They were
wrong then and you are wrong now.

v2.23.0 | Report a Bug | By Email