AD Evaluation : draft-ietf-6man-ra-pref64-06

Suresh Krishnan <Suresh@kaloom.com> Sat, 02 November 2019 03:49 UTC

From: Suresh Krishnan <Suresh@kaloom.com>
To: "draft-ietf-6man-ra-pref64@ietf.org" <draft-ietf-6man-ra-pref64@ietf.org>
CC: 6man WG <ipv6@ietf.org>
Subject: AD Evaluation : draft-ietf-6man-ra-pref64-06
Date: Sat, 02 Nov 2019 03:49:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/IJJs9uF9aWv5kb8tLmusNWmZhNU>

Hi authors,
  I found this draft generally well written and easy to read but I would like a couple of things fixed in it before I send it off to IETF Last call.

* Abstract

OLD:
This document specifies a Router Advertisement option to communicate
NAT64 prefixes to hosts.

NEW:
This document specifies a Neighbor Discovery option to be used in Router
Advertisements to communicate NAT64 prefixes to hosts.

Also make the same change in the Introduction as well.

* Section 2

Maybe worth adding a reference to DoH (RFC8484) here in addition to RFC7858.

* Section 4

Please use a documentation prefix, say 192.0.2.0/24, instead of the RFC1918 address currently used in the example.

* Section 5

The use of the term “lifetime” or “life time” to denote both the intended period of use and the value of the Lifetime field which is one-eighth of the intended value is a bit confusing. Can you deconflict this by calling the field “ShortLifetime” or something similar?

* Section 7

PvD: Define before use and add a reference to [draft-ietf-intarea-provisioning-domains]

* Section 9

“Providing all
   configuration in Router Advertisements increases security by ensuring
   that no other protocols can be abused by malicious attackers to
   provide hosts with invalid configuration.”

This is not strictly true, right? e.g. Someone can still use PCP to override the Pref64 information from the RA. Suggest rewording to something like this

“Providing all configuration in Router Advertisements reduces the attack surface to be targeted by malicious attackers to provide hosts with invalid configuration as compared to distributing the configuration through multiple different mechanisms that need to be secured independently.”

Thanks
Suresh
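
The Section 5 comment turns on the difference between the value carried in the option and the lifetime a host actually applies. The following is an added example, not part of the original message or of the draft: it encodes and strictly decodes a PREF64 option and returns both values side by side. The field layout, option type 38 and prefix length codes are taken from RFC 8781 (the published form of this draft) and are assumptions relative to the -06 text; the function names and the round-up choice are illustrative.

```python
import ipaddress
import struct

PREF64_TYPE = 38  # assumption: type assigned in RFC 8781, not stated in the email
PLC_TO_PREFIX_LEN = {0: 96, 1: 64, 2: 56, 3: 48, 4: 40, 5: 32}
PREFIX_LEN_TO_PLC = {v: k for k, v in PLC_TO_PREFIX_LEN.items()}
MAX_SCALED = 0x1FFF  # 13-bit field, so at most 8191 * 8 = 65528 seconds


def encode_pref64(prefix: str, lifetime_s: int) -> bytes:
    """Build the 16-byte option from a NAT64 prefix and an intended lifetime."""
    net = ipaddress.IPv6Network(prefix)           # rejects prefixes with host bits set
    plc = PREFIX_LEN_TO_PLC[net.prefixlen]        # KeyError for unsupported lengths
    scaled = min((lifetime_s + 7) // 8, MAX_SCALED)  # round up to 8-second units
    word = (scaled << 3) | plc
    return struct.pack("!BBH", PREF64_TYPE, 2, word) + net.network_address.packed[:12]


def decode_pref64(opt: bytes):
    """Return (prefix, on-wire field value, effective lifetime in seconds)."""
    if len(opt) != 16:
        raise ValueError("PREF64 option must be exactly 16 bytes")
    opt_type, length, word = struct.unpack("!BBH", opt[:4])
    if opt_type != PREF64_TYPE or length != 2:
        raise ValueError("not a well-formed PREF64 option")
    scaled, plc = word >> 3, word & 0x7
    if plc not in PLC_TO_PREFIX_LEN:
        raise ValueError("reserved prefix length code")
    addr = ipaddress.IPv6Address(opt[4:] + b"\x00" * 4)
    # strict=False clears any stray bits beyond the advertised prefix length
    net = ipaddress.IPv6Network((addr, PLC_TO_PREFIX_LEN[plc]), strict=False)
    return net, scaled, scaled * 8


if __name__ == "__main__":
    # Constructed sample: well-known NAT64 prefix, 30-minute intended lifetime
    option = encode_pref64("64:ff9b::/96", 1800)
    prefix, field_value, seconds = decode_pref64(option)
    print(option.hex(), prefix, field_value, seconds)
```

The decoder rejects wrong lengths and reserved prefix length codes instead of guessing, which matters because Router Advertisements arrive unauthenticated from the local link.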