IETF Logo Mail Archive

Re: I-D Action: draft-ietf-6man-ipv6only-flag-03.txt

神明達哉 <jinmei@wide.ad.jp> Fri, 19 October 2018 18:21 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00D38130DC0 for <ipv6@ietfa.amsl.com>; Fri, 19 Oct 2018 11:21:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.42
X-Spam-Level:
X-Spam-Status: No, score=-0.42 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, FROM_EXCESS_BASE64=0.979, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wuz2JgTT-ffu for <ipv6@ietfa.amsl.com>; Fri, 19 Oct 2018 11:21:13 -0700 (PDT)
Received: from mail-lf1-f42.google.com (mail-lf1-f42.google.com [209.85.167.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9DCE128CE4 for <ipv6@ietf.org>; Fri, 19 Oct 2018 11:21:12 -0700 (PDT)
Received: by mail-lf1-f42.google.com with SMTP id m18-v6so25936244lfl.11 for <ipv6@ietf.org>; Fri, 19 Oct 2018 11:21:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=21a0JnHc+InIzDbdCJ4U8jV+YKr8cqoS4udUyhuLoIY=; b=QVb8IMcBv1VrWGZxQL1fBRWw9y8M6Fb/F8hGyv+5RfwAWkssobFuuRz8LqyBJ1BNLV K/EfCGLLSYRAj9c83nx1Im5ayQQ79kFGMrWbVRwoFKqEBfnBCoXZZe1b/shGrEoftUNh b7W60tfIlgZhRfBD+Sj+PuK6+dVLAHblieJRbxfFei1ZosT3kinx2DNJSJ3XEAlKDBii V+RRsOpiYN2TSzUPJ+b5nHPxunzAmf48qZyKclFXcBIEnYhtorK9SazXT1OUTHti5Dcb TOoIjYpaZuG0nGCPLUhLvJdC/1G4rjEWZbD8jlcBCbfegd7GiCnCt/DToWPV8R6YEsn3 Ns4w==
X-Gm-Message-State: ABuFfojrcgdv1Nnqeil/WURj7wkz1SQzhNSBFVDgS7hUxkeYNISZLq7H AvYOWVPO9/eUe+mGpxO46EM7dYWF0ZosvYEtRV0oWMoo
X-Google-Smtp-Source: ACcGV63krfnc05YJs3x4mJL0i/S9BzJP2MRq8mgEplifmZh86reV57LxUiNJhprnVoWwETt86aBl3hIiuMRRPIREGVk=
X-Received: by 2002:a19:6803:: with SMTP id d3-v6mr3811456lfc.45.1539973270455; Fri, 19 Oct 2018 11:21:10 -0700 (PDT)
MIME-Version: 1.0
References: <153973137181.9473.10666616544238076833@ietfa.amsl.com> <092346e1-6350-e54e-e711-9c5ee6dc4e6b@gmail.com> <CAFU7BASO_ByzbanhLKnWV280O_fASd-8W+ujpj3sN6d2-whw2w@mail.gmail.com> <CACWOCC-u7aAPwAOcixYvt2On=-o_8X25GhqdXTfA+tWRC1o2XA@mail.gmail.com>
In-Reply-To: <CACWOCC-u7aAPwAOcixYvt2On=-o_8X25GhqdXTfA+tWRC1o2XA@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
Date: Fri, 19 Oct 2018 11:20:58 -0700
Message-ID: <CAJE_bqeF4xx6BkuYNDJJGQazBNsyq0g6=jVaffRJ6jVW=BoGMw@mail.gmail.com>
Subject: Re: I-D Action: draft-ietf-6man-ipv6only-flag-03.txt
To: Job Snijders <job@ntt.net>
Cc: IPv6 IPv6 List <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bfcbb3057898f7a7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/BUrRPU0cMyvmyqiWCC1zYk7vSqM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Oct 2018 18:21:15 -0000

At Fri, 19 Oct 2018 14:35:34 +0200,
Job Snijders <job@ntt.net> wrote:

> I think it would be good to have some running code before advancing this
to
> IESG review and RFC publication. I don’t mean someone being able to send
> the flag in a RA, but an operating system reacting to receiving a RA with
> the flag set.
>
> Operating system implementers will be able to provide valuable feedback to
> the working group on how to mitigate risk for some of the suspected attack
> vectors - and it’ll be educational to see how this works in practice. I
> think running code will improve this specification.

I tend to agree.

If I recall the discussion in this group accurately, I've not yet seen
a host OS implementor interested in implementing this idea, while they
should be one of the primary stake holders who can benefit from this
option.  In fact, some implementors were even explicitly negative
about it.

IMO this is not a good sign, and suggests we might be developing
something useless at best, or harmful at worst.  I've seen the usual
response to that concern: "we IETF can't enforce developers to
implement anything; all we can do is to write a good protocol
specification and let the market decide".  That may be true in the
end, but I'm not comfortable with accepting the argument without even
seeing an attempt of actually implementing and running the proposal.

I guess we can also learn from the "DNS camel" discussion held in the
London meeting in March:
https://datatracker.ietf.org/meeting/101/materials/slides-101-dnsop-sessa-the-dns-camel-01
I'm afraid that mainly "standardizers" (see p.24 of the slides)
drive the discussion toward publication right now, while developers
and (at least some) operators raise concerns.  In my past experiences,
that's often a sign of having troubles in the future, when the latter
group of people will have to deal with them, while the "standardizers"
are now more interested in developing the next cool thing.  Hopefully
I'm wrong this time, but to be proved incorrect I'd like to see more
concrete evidences with running code and experiments, rather than just
having email discussions which are often hypothetical and where anyone
can validly make their arguments.

--
JINMEI, Tatuya

v2.23.0 | Report a Bug | By Email