Re: IPv6 only host NAT64 requirements?

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 14 November 2017 00:11 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0274E12421A for <ipv6@ietfa.amsl.com>; Mon, 13 Nov 2017 16:11:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7KWzg9ztSf4a for <ipv6@ietfa.amsl.com>; Mon, 13 Nov 2017 16:11:27 -0800 (PST)
Received: from mail-pf0-x22a.google.com (mail-pf0-x22a.google.com [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCC551200CF for <ipv6@ietf.org>; Mon, 13 Nov 2017 16:11:27 -0800 (PST)
Received: by mail-pf0-x22a.google.com with SMTP id a84so8142385pfl.0 for <ipv6@ietf.org>; Mon, 13 Nov 2017 16:11:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=e4xNxR6BPyGUhaNQTxzGx0C3nCFPCWR0Syvjk/+Uj7o=; b=AqSkmTCOBwcKpdnpvcbx6/Mvz8PIczxkrpsLxm+KNQscexxTfd3xmHVorXXF0O5ZAv VKrC3xu2Z5C/j1A+B2c01imrfGYrJtv+sSneJHBorvLDDmThDtpHvgnX/9ybcgLAAsHt JlB6S2yP2AcpZo1tzqUNpi5h1yNWdmqM7n0fxydokIbAZuVfS06lEF7hcARkSPkxvnPs x7R2GkfNxKKx9tGyYWLCh9v1F+e3ERCFfPArXyOZUXeVEJlFos52bGAagPRB+49++HMJ aIVAVM600ohspyaOxp3WnxnS2rxzPxL24oGYktXZmRp2SofxpGW7vwtkkhyKBwhCClQZ QC7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=e4xNxR6BPyGUhaNQTxzGx0C3nCFPCWR0Syvjk/+Uj7o=; b=ChnNGTLoLfJweQBmuhGbp1hkMHSc5ZZX1Y8vB/rAtZFozG96s/Tz6yxjJaBaWFXf1a GoEQwacA/DpMkKo8MLIxnXqUJbWbOHo6qrxbTAuiaHJ+S2zy9uBUU71r5uVZCiyNozDm QVldJEkqlThnopxI9HIV3KfZ3u1t1D98TEmbiRw9EA9+vRKq6uU+4Fz8wC3a/XnHQkFH Ki0MaQ3k7f7D0+NFpaKFHID+pHyRbnN69BD7UnScpC/xEOL1QHpMyK1ZEQJS071WNvTU h/ne08AhvnzuyU/vdf4nsnZUYCk14q58xa1pMfVFxTxe5L2yQ2TSqbBX+UhPCTJ5z3dz P9ow==
X-Gm-Message-State: AJaThX58mUlao85ITKRj5VCvVGWfnXnVBb/EXOj+sm8l5xPlDfmjc1YL YkkS/ZF2t0G/1uoeC/JWqbH5JQ==
X-Google-Smtp-Source: AGs4zMaYml5QOs/qHV6iV4Bydpo2yaPvYzNKFqylJcPFRgqMnRG1/EygBG1WnKSlhtQSWGg5KbiupA==
X-Received: by 10.84.130.104 with SMTP id 95mr6166660plc.151.1510618286714; Mon, 13 Nov 2017 16:11:26 -0800 (PST)
Received: from [172.16.132.82] ([101.100.166.3]) by smtp.gmail.com with ESMTPSA id y20sm9736403pgc.52.2017.11.13.16.11.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Nov 2017 16:11:25 -0800 (PST)
Subject: Re: IPv6 only host NAT64 requirements?
To: Philip Homburg <pch-ipv6-ietf-4@u-1.phicoh.com>, ipv6@ietf.org
References: <6755862C-AA12-45B4-98B8-EF6D9F90898B@employees.org> <CAD6AjGRhn80LUJrut4ebDKPfFkdu3ySN8fjH_JvCjSNA-_tfYw@mail.gmail.com> <m1eEGlw-0000FsC@stereo.hq.phicoh.net>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <c7987f0a-9fb9-0311-b017-2b230a21bd1d@gmail.com>
Date: Tue, 14 Nov 2017 13:11:24 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <m1eEGlw-0000FsC@stereo.hq.phicoh.net>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/N-sUPfblQJ__RoUemf-b-suQbug>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 00:11:29 -0000

On 14/11/2017 04:35, Philip Homburg wrote:
>> I am not optimistic on the demand / need / value of dnssec in any scenario
>> ....let alone an ipv6-only host validating an ipv4-only dns name. If the
>> folks operating this service cared, they could operate the server with
>> signed v6 names.  It is more reasonable in todays internet to asked the
>> server (lets assume most signed name scenarios are servers) to be setup
>> right (with v6). There is not a compelling reason why having v6 is
>> unattainable today for named nodes.
> 
> DNSSEC is something that works today. 

This is not the impression I get from attending IEPG meetings
and chatting in the corridors at the IETF. Also, we knew throughout
the development of NAT64/DNS64 that DNSSEC was a major stumbling block.
I don't think it is a good idea to entangle RFC6434bis with that issue.

    Brian