Re: IPv6 only host NAT64 requirements?

Ole Troan <otroan@employees.org> Tue, 14 November 2017 00:34 UTC

From: Ole Troan <otroan@employees.org>
Subject: Re: IPv6 only host NAT64 requirements?
Date: Tue, 14 Nov 2017 08:34:15 +0800
Cc: Philip Homburg <pch-ipv6-ietf-4@u-1.phicoh.com>, 6man WG <ipv6@ietf.org>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/-A9zgTuD1H_-BmDkkFmX_u0l8BY>

Brian,

>>> I am not optimistic on the demand / need / value of dnssec in any scenario
>>> ....let alone an ipv6-only host validating an ipv4-only dns name. If the
>>> folks operating this service cared, they could operate the server with
>>> signed v6 names.  It is more reasonable in today's internet to ask the
>>> server (let's assume most signed name scenarios are servers) to be set up
>>> right (with v6). There is not a compelling reason why having v6 is
>>> unattainable today for named nodes.
>> 
>> DNSSEC is something that works today.
> 
> This is not the impression I get from attending IEPG meetings
> and chatting in the corridors at the IETF. Also, we knew throughout
> the development of NAT64/DNS64 that DNSSEC was a major stumbling block.
> I don't think it is a good idea to entangle RFC6434bis with that issue.

What's the DNSSEC major stumbling block?

Ole