Re: IPv6 only host NAT64 requirements?

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 14 November 2017 02:01 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61D3B1270A3 for <ipv6@ietfa.amsl.com>; Mon, 13 Nov 2017 18:01:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9NRsQDOWLZqr for <ipv6@ietfa.amsl.com>; Mon, 13 Nov 2017 18:01:06 -0800 (PST)
Received: from mail-pf0-x22e.google.com (mail-pf0-x22e.google.com [IPv6:2607:f8b0:400e:c00::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEDA81200C5 for <ipv6@ietf.org>; Mon, 13 Nov 2017 18:01:05 -0800 (PST)
Received: by mail-pf0-x22e.google.com with SMTP id l24so810570pfj.6 for <ipv6@ietf.org>; Mon, 13 Nov 2017 18:01:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=9jpJrbOPdmMT8+cwALiptzfjx+ClnX/nfvEClZEG7Dk=; b=ZIxYHBrcG93s0Ep/bPoNidXv71abSK11GiM9RXiSWpGYDvT8B8FwH1clv+h/vvhkV4 Tx9NXbyLUffgQqXEJsBDDBcr1GCe2CUwRM8Tji0LsnLKpqraUckLWbpOI2HFL56N37+n 5lB/uQW/+8Xle5TsXFSXm78qZ8u1ZB6YzJAKrO9fMJLNkKq1XALaSZDZIlj8MD7ZUnCy Zj3F4lNZ29EW9l2szazU3EMs2tBYWjOprCz0O/cw3Rrsx+uV/5mxlt8/9pal7TAV8/00 2XtfX+pAv7grjqEfk153/dbbvuczcEuTa90KQYQpw3RvQQu6CcfhpZAjZK0qxK60Awiv gvmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=9jpJrbOPdmMT8+cwALiptzfjx+ClnX/nfvEClZEG7Dk=; b=bQaEWq9NqzZaGBwTh0dZ8eAnCiZzp6iltekWt0vSKapBwcxPz3jpBHlKf6wneytuEh 909MZsOIVJ4kf9A0S7Hw2U3NTx9674KQNvdQB0iPlrA8xib6hauOaePgq8qSQEn/5tsy X8qHRjABSPF1HSNb20/XrrS26kD6oYSYUO/lhQfGbAfkAxgUNt9Ms+b/P4ddFFh+9vbj GK8oXaeLk3UOCuD/tfADOPrY6wD/tpN8oZsNXJaaDJ7pd5ERus1pINwNph22ZkP7I8zs cd5tWXWIQqmVA+is6KNAAHZv55IZb5GJ0E4R9+qdg1CAWhiU6c9czOQI7/8O8gRHLBKC VCGw==
X-Gm-Message-State: AJaThX7sbx6xXcU+WMRHPlB8G6M9wS2vxF2YBCOQfJ6Vaf+giIit36An WFq5gcB6NeIhr3PriIX+TuG24BbE
X-Google-Smtp-Source: AGs4zMZhCDHkYTNnqaBz8Ue8u/j2wYRNdN0NE/r5h6/eUbcqauzuxQNnRGfeZeM+AhSaaPrcSQgBew==
X-Received: by 10.84.254.78 with SMTP id a14mr10600509pln.353.1510624864947; Mon, 13 Nov 2017 18:01:04 -0800 (PST)
Received: from ?IPv6:2001:67c:370:1998:28cc:dc4c:9703:6781? ([2001:67c:370:1998:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id v9sm24254386pfg.85.2017.11.13.18.01.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Nov 2017 18:01:04 -0800 (PST)
Subject: Re: IPv6 only host NAT64 requirements?
To: Ole Troan <otroan@employees.org>
Cc: Philip Homburg <pch-ipv6-ietf-4@u-1.phicoh.com>, 6man WG <ipv6@ietf.org>
References: <6755862C-AA12-45B4-98B8-EF6D9F90898B@employees.org> <CAD6AjGRhn80LUJrut4ebDKPfFkdu3ySN8fjH_JvCjSNA-_tfYw@mail.gmail.com> <m1eEGlw-0000FsC@stereo.hq.phicoh.net> <c7987f0a-9fb9-0311-b017-2b230a21bd1d@gmail.com> <9620CE6D-6364-41E9-A43D-AF0690D2A5F4@employees.org> <1bcc9417-6f00-48ac-b9ef-0317f6f43a56@gmail.com> <39CD5C15-5A9E-4CD5-BE89-890EAF516E22@employees.org>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <b5ea6fed-d134-b641-d57d-b781dbc2ddb3@gmail.com>
Date: Tue, 14 Nov 2017 15:01:02 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <39CD5C15-5A9E-4CD5-BE89-890EAF516E22@employees.org>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/DgkY7kwpBNZ7egMxB-rGJQAq3t0>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 02:01:11 -0000

On 14/11/2017 14:03, Ole Troan wrote:
> Brian,
> 
>>>>>> I am not optimistic on the demand / need / value of dnssec in any scenario
>>>>>> ....let alone an ipv6-only host validating an ipv4-only dns name. If the
>>>>>> folks operating this service cared, they could operate the server with
>>>>>> signed v6 names.  It is more reasonable in todays internet to asked the
>>>>>> server (lets assume most signed name scenarios are servers) to be setup
>>>>>> right (with v6). There is not a compelling reason why having v6 is
>>>>>> unattainable today for named nodes.
>>>>>
>>>>> DNSSEC is something that works today.
>>>>
>>>> This is not the impression I get from attending IEPG meetings
>>>> and chatting in the corridors at the IETF. Also, we knew throughout
>>>> the development of NAT64/DNS64 that DNSSEC was a major stumbling block.
>>>> I don't think it is a good idea to entangle RFC6434bis with that issue.
>>>
>>> What's the DNSSEC major stumbling block?
>>
>> I pass. Try asking Geogg Huston, for example.
> 
> As far as I understand it, DNSSEC has deployment issues, which are comparable for the DNS64 and non-DNS64 case.
> 
> https://tools.ietf.org/html/rfc6147#section-3
> https://tools.ietf.org/html/rfc7050#section-3

My understanding during the BEHAVE discussions was that
the gymnastics required in the resolver code in a host
were considerably more complex in the NAT64/DNS64 case than
in any other.
 
> But I will leave someone who knows DNS to give a definite answer to that.

Yes, that would be very helpful.

> If I understand what people are telling me correctly, your statement "major stumbling block" is not correct.

It would be nice if you are correct.

    Brian