IETF Logo Mail Archive

Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

David Farmer <farmer@umn.edu> Sat, 04 May 2019 07:25 UTC

Return-Path: <farmer@umn.edu>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A95E8120006 for <ipv6@ietfa.amsl.com>; Sat, 4 May 2019 00:25:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umn.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6fvWJhfTQgd1 for <ipv6@ietfa.amsl.com>; Sat, 4 May 2019 00:25:32 -0700 (PDT)
Received: from mta-p7.oit.umn.edu (mta-p7.oit.umn.edu [134.84.196.207]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 945CD12004C for <ipv6@ietf.org>; Sat, 4 May 2019 00:25:32 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mta-p7.oit.umn.edu (Postfix) with ESMTP id A4E8BC75 for <ipv6@ietf.org>; Sat, 4 May 2019 07:25:31 +0000 (UTC)
X-Virus-Scanned: amavisd-new at umn.edu
Received: from mta-p7.oit.umn.edu ([127.0.0.1]) by localhost (mta-p7.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b2purQqbum2K for <ipv6@ietf.org>; Sat, 4 May 2019 02:25:31 -0500 (CDT)
Received: from mail-vk1-f198.google.com (mail-vk1-f198.google.com [209.85.221.198]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p7.oit.umn.edu (Postfix) with ESMTPS id 5C988E2A for <ipv6@ietf.org>; Sat, 4 May 2019 02:25:31 -0500 (CDT)
Received: by mail-vk1-f198.google.com with SMTP id g145so3080966vke.8 for <ipv6@ietf.org>; Sat, 04 May 2019 00:25:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2NPcnOwWMxyM2WKLPtTMxPwTVtnmdKC1EFOgVVWQa/c=; b=P8HEUx655XqMUIXDd6fbHJciYwX/WYcfZijb1AF+aqYQDtB1/nXgGTZq3bTFAyO0Mk 63CKqqOOofE7X6hjYl9g64EW6WHqdTyLVc2iI9KlTXWJVuebiZyl6zxvlmzwNgzCx6dq X90sUZHB8cAwulMViXf7jEUx81DTc4Ujv+XQXrdfjRN6LEc9Ualy0HnCNFE3eLoxU8IJ jqA0OklYwo04Jmtqx58EqWux4eEWsB7tbo/AFYd9fRZgbELhWyW9IFXR8OwrU37lfEyF wGxACiN76DgLotvJczACS/MJ7ZotJLi+ff8nao0Vb+jLbJIeON4f9MpVGc29+0LIK35B Bmfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2NPcnOwWMxyM2WKLPtTMxPwTVtnmdKC1EFOgVVWQa/c=; b=HNase/YKx1f5luFKWQlfnzhTEAkDBeSgWirKHDqM0j+e+t+JOdy2CFOU3ejUHi5TVl Zntglecko8BAzWFZm5QIeaER4bsuSm7xbuWgkkkWNh2rj4S2BJJr7UhynDjLr5Vwj/+d d9ENf88KpoImPSMW6YNjNfSe/n2jV2M4fQXgbk7vo+agOrqGskGBRJL0Lrkqi1k4uI4A /23NoYmgxUmiJgPjHfNkmfRZFyCeI5mKmzZ5pIBvXoRxGjemJLdvuRYibJVRTjss8zCR /79eDIJ0/koNmyKUhDQlaCSKFZH1CHrBbYTCr6H3FVCKvXc/vKTWoNA4uI9HooVW3rTi ywlA==
X-Gm-Message-State: APjAAAVOZ1VojYEV66IqJv91NZ/NltjWJk38Z7ArhvuXHQKoWYNshR5w nqG9L+EW+xUTvT5rY+Qgqgyc6W7bEcK217T8ihd6bWaKTgRyn6woiR076Meritj4rELXZRfaXSo ahPbG5zyDgA7VjYmtg1XpeJA4
X-Received: by 2002:a67:760f:: with SMTP id r15mr8220582vsc.221.1556954730129; Sat, 04 May 2019 00:25:30 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwd49fbDfBpNOHTt9LF1GxDeB4EVbnFBIEO8nE7A7L01C0QIB4zzzlrHqlk/gq/jVd64uGM5h0mv91SGGFlrDM=
X-Received: by 2002:a67:760f:: with SMTP id r15mr8220570vsc.221.1556954729601; Sat, 04 May 2019 00:25:29 -0700 (PDT)
MIME-Version: 1.0
References: <F8BFFCAD-E58E-4736-8A1C-56579B6F6032@employees.org>
In-Reply-To: <F8BFFCAD-E58E-4736-8A1C-56579B6F6032@employees.org>
From: David Farmer <farmer@umn.edu>
Date: Sat, 04 May 2019 02:25:13 -0500
Message-ID: <CAN-Dau2fzxn+EpZ1hN8nBTjzyZFRWoHGGHN8RFcuQr_W4kne=w@mail.gmail.com>
Subject: Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05
To: Ole Troan <otroan@employees.org>
Cc: 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009701b805880ac527"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/71YNhKOy6mxzSZj9VlHp6QR6-fI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 May 2019 07:25:36 -0000

Basically, I support this document, in the near-term, I think it will be
useful in some specialized situations, longer-term it may have more general
applicability.

Below are some issues from my detailed review of the current version, it
has been two or three versions since my last detailed review;

1. In my opinion, the following sentence contradicts part of the
applicability statement. I never really liked the document talking about
unmanaged networks, but I couldn't articulate a reason why, until now. My
recommendation is to remove it

   It may also be valuable on unmanaged networks
   using routers pre-configured for IPv6-Only operations and where Layer
   2 filtering is unavailable.

The following is the portion of the Applicability Statement in question;

   Administrators MUST only use this mechanism if they are certain that
   the link is IPv6-Only.

Unmanaged networks do not usually have an administrator, by definition they
are not managed. I think maybe this was intended to suggest an ISP or CPE
manufacture could ship IPv6-Only CPE with this flag set by default.
However, that would also violate the Applicability Statement, neither the
ISP or CPE manufacture could have the certainty required by the
Applicability Statement that IPv4 is not in use on the local network.

I think the use of this flag on unmanaged networks is ill-advised and
should not be discussed in the document. The trade-offs involved in using
this flag as it is currently designed requires someone, the
administrator, with intimate knowledge of the local network to decide if
this flag should be set or not on the router's link. Discussing the use of
the flag on unmanaged networks implies this level of knowledge may not be
necessary. The remainder of the paragraph already covers "networks without
the ability to filter L2 traffic."

If you intend this flag to be used on unmanaged networks it will need to be
much more automatic, as designed it requires an administrator to decide its
appropriate setting.

It might even be appropriate to add that this flag is only intended for use
on managed networks, that have an administrator, but as long as you don't
mention unmanaged networks, that is good enough for me.

2. I think Section 6 should additionally recommend the use of Router Guard
[RFC6105], it is discussed in the Security Considerations Section, but I
think it should be in Section 6 as well. Without Router Guard an IPv6-Only
network is open to the attack discussed in paragraph 4 (not including the
bullets) of the Security Considerations Section. Therefore, I think the use
of Router Guard should be recommended with normative language in Section 6.

3. In Section 7, paragraph 5 seems to repeat the idea in the last half of
paragraph 3, my recommendation is to delete paragraph 5.

4. Previously I asked for the following (slightly edited) and I don't see
where it has been addressed, nor do I find an email explaining why it was
not addressed. The only email I found was Brian saying "your suggestions
below make sense to me," in my mind that included the following;

Finally how about some additional non-normative discussion about taking
precautions to prevent unsuspecting WiFi users from accidentally connecting
IPv4-Only WiFi hosts to IPv6-Only WiFi links. Possibly by including "IPv6"
or "IPv6-Only" in the name of open SSIDs to help inform unsuspecting WiFi
users, using secured SSIDs to prevent unsuspecting WiFi users from
connecting all, or using 802.11u Access Network Query Protocol (ANQP) with
"Address type available" for IPv6 and "Address type not available" for IPv4
to inform the connecting WiFi host instead of the user. Putting this in an
appendix would be fine with me.

Remember the IETF's own discussions regarding this issue. If the IETF isn't
willing to have its default WiFi be IPv6-only, maybe some caution is
warranted for the general population of the earth. :)

Thanks



On Mon, Apr 29, 2019 at 5:02 AM Ole Troan <otroan@employees.org> wrote:

> At the 6man meeting at IETF 104 in Prague there was support to close the
> working group last call and advance
> draft-ietf-6man-ipv6only-flag-05 to the IESG.
>
> This call is to confirm that decision on the mailing list.
>
> Please give objections and comments to this decision to the mailing list,
> by 2019-05-13.
>
> Best regards,
> Ole, 6man co-chair
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>


-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

v2.23.0 | Report a Bug | By Email