IETF Logo Mail Archive

Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

Gyan Mishra <hayabusagsm@gmail.com> Fri, 03 May 2019 22:53 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 948BF1202FB for <ipv6@ietfa.amsl.com>; Fri, 3 May 2019 15:53:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tt8MZ8ibu1Sy for <ipv6@ietfa.amsl.com>; Fri, 3 May 2019 15:53:39 -0700 (PDT)
Received: from mail-it1-x134.google.com (mail-it1-x134.google.com [IPv6:2607:f8b0:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D0BC12030F for <ipv6@ietf.org>; Fri, 3 May 2019 15:53:38 -0700 (PDT)
Received: by mail-it1-x134.google.com with SMTP id l140so11571269itb.0 for <ipv6@ietf.org>; Fri, 03 May 2019 15:53:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jaxgA4IkVl8yIaX2L4U2nZUMSyFbOVvbMjO6PNYz7VY=; b=nAFXNkmIVB7KAA4Rg4zy7LwXEfN+0t6uzSNOtxG2pz7SP1f3vV1xrQiHF/gzqqlR5V zegu5M0oWTkQi/Tku+2L+CFvg5g7pOKqog83/UDCTH0naZKFN+yoJ2mcHAoyLF6KZKLr qbFWaR8bgpmy3HT7fzV4rWbTopKGpVy7BpbpBb/YStgP+oBRVI7bzy8V5bCWrDBqJrMN 4/cSArgSLcgfHnP5XinERYBtU1F3f0mGD8dEPe2MSsFuIEhgOHbWF8Sz+m793qi7Dcpa aO9XlBoSC1RuDAql0kewtkaj6FnixfZloEhPVDur62xcVj1EBLR2MT0KX/i+5Hi/Z15b 5dBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jaxgA4IkVl8yIaX2L4U2nZUMSyFbOVvbMjO6PNYz7VY=; b=LjUav3GnOUUEEI0tBzaFprofmcAtXbDittQ3IZpbjziuv4LyCfMNgMzZolLdpEudrv xyTQfHExcWedvrJwDuYvUq2Ia5R5iQFMYJrZ2+2m75BEWJRVieCkXpavTI4gX2UsXrTE bUUGpydqr5P9yPZIf5dGQn0gJVOnAqhd469/F4BNmhMwRxoH094/ulnEI+B+F0s6VF6v s5MtUr1ap9RVpAjJ5S3AE4ujerK/z3/mB21GY2COx7G8BKgJHVkP0x3R+IqWCvNcVdtq 9S/4kPlvYr42mP4NEB4siZNW1Osz0jPNwNcfqaDVWHS8G5QJPrHQdAhN+iBWK3RKs/V8 QbKg==
X-Gm-Message-State: APjAAAUb24IRzaQ/yjJxFxbk5K8fp99i9JvdpRNyv5InpzfwHcGHW9HP hL5rq+9Lsx+WWq8xOUkk7/hhSxLDYFv1h24zX68=
X-Google-Smtp-Source: APXvYqyzmc/FbSInssj1ccn+O3gCBB4XlN+WhGaqAfigOKEBNfTGaCllwgwBRLXJJ5xjnhCeIOEShzg6dzZQiDGDU50=
X-Received: by 2002:a24:32cb:: with SMTP id j194mr7719665ita.168.1556924017489; Fri, 03 May 2019 15:53:37 -0700 (PDT)
MIME-Version: 1.0
References: <F8BFFCAD-E58E-4736-8A1C-56579B6F6032@employees.org> <a2465e81-a17f-ab48-efda-20fe12a70077@foobar.org> <30239E0C-C444-4A7E-8342-AEE47BF8A2BB@employees.org> <8b9fd743-bfcc-525c-98f6-154f3fa713cc@foobar.org> <CAO42Z2zEWvt9NyemMb8H0AEvPvmNSDGa4wcXiS6n5yRxNFCHQg@mail.gmail.com> <c7e18765-be04-6494-8193-984dbccb520b@foobar.org> <CANMZLAYh+V57yrWOzmUyjSMK0g95u1D5_GZmyZBMOMKAZnrnCg@mail.gmail.com> <3F474511-6FE3-4A0A-9B84-7C37F08FBB5D@steffann.nl> <E352C226-C708-4418-BCDE-10525CAB109A@jisc.ac.uk> <652fb10e-b8ce-0151-a9a0-62d2378caed2@gmail.com> <0079c716-d56c-7199-f493-f5e56e1307ae@foobar.org> <b33de303-eaca-f7f6-804e-2c9343eb92a1@gmail.com> <6C4ABEF1-2565-4BA9-9FC5-5B3C45A719AD@gmail.com> <c2222416-6491-1906-a403-d012777a4b38@gmail.com>
In-Reply-To: <c2222416-6491-1906-a403-d012777a4b38@gmail.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Fri, 03 May 2019 18:53:25 -0400
Message-ID: <CABNhwV0-SdKZqQa4z9jhpc8h1Eq=8UxRhtvHt1==BYEMTVRjug@mail.gmail.com>
Subject: Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Nick Hilliard <nick@foobar.org>, IPv6 IPv6 List <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000013d3f0588039fd3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/HTIMovTtjtph4op8sqHdCp8wvmE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 May 2019 22:53:50 -0000

Do we or anyone in the WG know of any enterprise that is thinking of going
IPv6 only.  I don't.

I agree you have nat64 and dns64 and 6to4 proxy  for IPv6 only enterprises
to access IPv4 content but if I was an enterprise customer I would go with
dual stack over IPv6 only as that is the recommended mainstream deployment
of IPv6 and IPv6 only is a few and far between  extreme exception that I
don't think will gain traction till we are close to 100% of all internet
content being dual stacked.


Regards

Gyan

On Fri, May 3, 2019, 4:12 PM Brian E Carpenter <brian.e.carpenter@gmail.com>
wrote:

> > So bottom line here is that until the internet content is 100% IPv6
> there is no way any broadband provider would pull back IPv6 thus in essence
> making this IPv6 flag literally useless and added on way to early in the
> game which brings me to my next point.
>
> Sorry but you miss the point. An enterprise might choose to provide only
> IPv6 service (and presumably some variant of NAT64) this year. What a
> broadband service provider might decide is a different matter; of course
> they are driven by their own market.
>
> Regards
>    Brian
>
> On 04-May-19 04:17, Gyan Mishra wrote:
> > Brian
> >
> > IPv6 penetration is honestly really defined by the percentage of content
> on the internet that is dual stacked which is still pretty far off and has
> a long ways to go to even get to a tipping point 50/50 mark.
> >
> > As far as cable and broadband providers for end users they are now
> starting to dual stack but it will be a long time as I said not until we
> hit the 100% mark that all content on the internet is dual stacked would
> broadband providers start thinking about pulling back and disabling IPv6.
> >
> > The internet really drives the local corporations and intranet which
> lags behind so that would be even further down the pike.
> >
> > All broadband providers small and the big ones like Comcast Verizon Time
> Warner etc would not want to risk losing customers to their competitors if
> they pulled back IPv4 early and the internet content was not 100% IPv6.
> >
> > If they did so god forbid they may be in for a a lot of class action
> suits as the entire internet majority being IPv4 would now not be
> accessible.
> >
> > So bottom line here is that until the internet content is 100% IPv6
> there is no way any broadband provider would pull back IPv6 thus in essence
> making this IPv6 flag literally useless and added on way to early in the
> game which brings me to my next point.
> >
> > With regard to security ICMPv6 is not secure and with a SEND secure
> neighbor discovery that could be secure the iCMPv6 RFC 4861 RS/RA type
> 133/134 and NS/NA type 135/136.
> >
> > So the RA that has the reserved field 2 flag bits now allocated to the
> IPv6 only flag can be subject to a man in the middle attack easily with a
> sniffer and spoofing the packet from the router manipulation of the the
> bird setting from all sending routers to 0 and now basically you have a
> massive outage.  Thinking about this on a larger scale let’s say If a
> router was exposed to an attack that someone gained accesses via a stack
> overflow or glitch the the attacker could not manipulate the flag to set
> the IPv6 only flag on all routers and now you have an IPv4 meltdown and a
> massive outage.
> >
> > There are many scenarios of which this is only a few off the top of my
> head but maybe on a more grand scale since all hosts are talking ICMPv6
> let’s say their was malware ddos virus that hit internet wise and was via
> email or any other type of delivery mechanism that was able to compromise
> all hosts gain root access and now on the host itself can set this IPv6
> only flag to 1 and now you have an internet wide meltdown the  worst in
> history.
> >
> > So I a nutshell this IPv6 only flag in my opinion is way ahead of its
> time and is a good thought but at this point is way jumping the gun as the
> entire internet community is not ready for this flag as our penetration
> numbers are not there yet.
> >
> > I really think we should defer this RFC and put on hold for the future.
> >
> > Gyan
> >
> > Sent from my iPhone
> >
> >> On May 2, 2019, at 7:52 PM, Brian E Carpenter <
> brian.e.carpenter@gmail.com> wrote:
> >>
> >> Nick,
> >>> On 01-May-19 09:55, Nick Hilliard wrote:
> >>> Brian E Carpenter wrote on 30/04/2019 21:48:
> >>>> So I'd rather understand *why* the costs outweigh the benefits. One
> >>>> more thing for an operator to configure and check in each first-hop
> >>>> router, vs reduction of pointless traffic on updated hosts. I'm not
> >>>> sure how to make that an objective rather than a subjective
> >>>> trade-off.
> >>> Hi Brian,
> >>>
> >>> Email is being a serious barrier to communication in this discussion
> :-(
> >>>
> >>> The problem statement just isn't there:
> >>>
> >>> https://mailarchive.ietf.org/arch/msg/ipv6/GCGYTXhg0V9mQBrcO7zhC5wtnp0
> >>>
> >>> The contents of this email largely still apply to the current text in
> -05.
> >>
> >> It's a judgment call. IMHO the problem statement is adequate. In your
> opinion, it isn't.
> >>
> >>> The cost is too high:
> >>>
> >>> https://mailarchive.ietf.org/arch/msg/ipv6/NIJ194PI8CLkuZT8U_jKEOY01QI
> >>>
> >>> You've shown no analysis of realistic use cases.
> >>>
> >>> For something standards track, and this far down the protocol stack
> and
> >>> with such a large security considerations section, the proposal ought
> to
> >>> be thoroughly compelling for a wide variety of deployment scenarios,
> but
> >>> it isn't.  There are better ways of skinning this cat.
> >>
> >> Again, a judgment call. We do refer to Layer 2 solutions and this is
> clearly positioned as a complementary approach.
> >>
> >> The authors aren't going to make the final judgment call, obviously.
> >>
> >>   Brian
> >>
> >> --------------------------------------------------------------------
> >> IETF IPv6 working group mailing list
> >> ipv6@ietf.org
> >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >> --------------------------------------------------------------------
> >
>
>

v2.23.0 | Report a Bug | By Email