Re: IPv6 only host NAT64 requirements?

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Mon, 13 November 2017 03:58 UTC

Return-Path: <prvs=149031125e=jordi.palet@consulintel.es>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F74A129445 for <ipv6@ietfa.amsl.com>; Sun, 12 Nov 2017 19:58:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es; domainkeys=pass (1024-bit key) header.from=jordi.palet@consulintel.es header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s9h5nFxn00vO for <ipv6@ietfa.amsl.com>; Sun, 12 Nov 2017 19:58:51 -0800 (PST)
Received: from mail.consulintel.es (mail.consulintel.es [217.126.185.215]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F712126DCA for <ipv6@ietf.org>; Sun, 12 Nov 2017 19:58:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1510545528; x=1511150328; q=dns/txt; h=DomainKey-Signature: Received:User-Agent:Date:Subject:From:To:Message-ID:Thread-Topic: References:In-Reply-To:Mime-version:Content-type: Content-transfer-encoding:Reply-To; bh=7i3v3uB9yT2pZ8zK08NhYs3u3 BURbU9ntfYl5W4E9wo=; b=orLxcXxFM9XBqZG5+Q+AQhywcYyDtrkbCBm+tnqsf WCcgWuYfkG6lhPwB8roT8uKeFNWH9n3Fr9QzNrmXMZgDTdjK6By40BKAVLhRUeln SR4i0kcOScFubpxYRn7ELwTqsdeKezey9LUBSYcWJPETsoFW/xYXYeHK/+v3koV4 Bg=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=consulintel.es; c=simple; q=dns; h=from:message-id; b=C64aFtQJvx7IMU9LWRKx745LLQO8qXeu/uoTiRztrhtdyzP2Aw7lxdF6UXuD YVPof/b9/P5wXY8gNNg/jIQiNsoDxlHXJhUP1wEobA+nJpGEuezRuPxvu jgQmA4Uh6L5OCj3BQy7mLxcuWa4z9i1rYqX+7GwYi578iyz0eVVw0I=;
X-MDAV-Processed: mail.consulintel.es, Mon, 13 Nov 2017 04:58:48 +0100
X-Spam-Processed: mail.consulintel.es, Mon, 13 Nov 2017 04:58:47 +0100
Received: from [172.20.60.10] by mail.consulintel.es (MDaemon PRO v11.0.3) with ESMTP id md50005622213.msg for <ipv6@ietf.org>; Mon, 13 Nov 2017 04:58:47 +0100
X-MDOP-RefID: re=0.000,fgs=0 (_st=1 _vt=0 _iwf=0)
X-Authenticated-Sender: jordi.palet@consulintel.es
X-HashCash: 1:20:171113:md50005622213::V9+qtilAkUZXl/fZ:00000VzP
X-Return-Path: prvs=149031125e=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: ipv6@ietf.org
User-Agent: Microsoft-MacOutlook/f.27.0.171010
Date: Mon, 13 Nov 2017 11:58:22 +0800
Subject: Re: IPv6 only host NAT64 requirements?
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: 6man WG <ipv6@ietf.org>
Message-ID: <B84A189C-AC6A-407B-B1E3-B5EACA4F66FB@consulintel.es>
Thread-Topic: IPv6 only host NAT64 requirements?
References: <6755862C-AA12-45B4-98B8-EF6D9F90898B@employees.org>
In-Reply-To: <6755862C-AA12-45B4-98B8-EF6D9F90898B@employees.org>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Reply-To: jordi.palet@consulintel.es
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/AFkZDMRVxtM-WRluCtLWmzE2eD4>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 03:58:53 -0000

Hi Ole,

I was also thinking on this yesterday after the hackathon and I thing from that talk it is obvious that I will support that.

Also thought about this:

Could the “IPv6 node requirements document” include also a consideration for the same you mention here, in case there is IPv4-only in a dual-stack LAN with IPv6-only access?

I’m almost sure that this is out of the scope of the 6man charter, but I also feel that this is somehow our job … alternatively what is the correct place to do that? May be a new sunset4 document? Or int-area? The point here is an IPv4-only host being used in a network using IPv6-only for the access ...

Regards,
Jordi
 

-----Mensaje original-----
De: ipv6 <ipv6-bounces@ietf.org>; en nombre de Ole Troan <otroan@employees.org>;
Responder a: <otroan@employees.org>;
Fecha: lunes, 13 de noviembre de 2017, 11:46
Para: 6man WG <ipv6@ietf.org>;
Asunto: IPv6 only host NAT64 requirements?

    At the hackathon there was quite a bit of testing of IPv6 only hosts with access to the IPv4 network via a NAT64.
    
    While many applications work well on a classic IPv6 only host, there are a few things required to make all applications work.
    
    - Must be able to do NAT64 prefix discovery (RFC6052)
    - Synthesise IPv6 address from an IPv4 literal (RFC7050)
    
    This is to be able to deal with IPv4 address literals. Which are common in protocols like SIP/ICE/STUN.
    These can be implemented directly in applications, or it can be implemented in the host stack (although application might still have to change).
    
    - Should do local DNS64 to support DNSSEC (RFC6147)
(if you do validation).
    
    A DNS64 service in the network looks like a man in the middle attack, so to support DNSSEC, validation should happen before synthesizing, and must be done on the host itself.
    
    If this is the direction we want to go. Encourage IPv6 only host deployments (as opposed to dual stack hosts), are these requirements we'd like to add to the IPv6 node requirements document? Somewhere else?
    
    Best regards,
    Ole
    
    
    --------------------------------------------------------------------
    IETF IPv6 working group mailing list
    ipv6@ietf.org
    Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
    --------------------------------------------------------------------
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.