Re: IPv6 only host NAT64 requirements?

Brian E Carpenter <> Tue, 14 November 2017 00:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0274E12421A for <>; Mon, 13 Nov 2017 16:11:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7KWzg9ztSf4a for <>; Mon, 13 Nov 2017 16:11:27 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BCC551200CF for <>; Mon, 13 Nov 2017 16:11:27 -0800 (PST)
Received: by with SMTP id a84so8142385pfl.0 for <>; Mon, 13 Nov 2017 16:11:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=e4xNxR6BPyGUhaNQTxzGx0C3nCFPCWR0Syvjk/+Uj7o=; b=AqSkmTCOBwcKpdnpvcbx6/Mvz8PIczxkrpsLxm+KNQscexxTfd3xmHVorXXF0O5ZAv VKrC3xu2Z5C/j1A+B2c01imrfGYrJtv+sSneJHBorvLDDmThDtpHvgnX/9ybcgLAAsHt JlB6S2yP2AcpZo1tzqUNpi5h1yNWdmqM7n0fxydokIbAZuVfS06lEF7hcARkSPkxvnPs x7R2GkfNxKKx9tGyYWLCh9v1F+e3ERCFfPArXyOZUXeVEJlFos52bGAagPRB+49++HMJ aIVAVM600ohspyaOxp3WnxnS2rxzPxL24oGYktXZmRp2SofxpGW7vwtkkhyKBwhCClQZ QC7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=e4xNxR6BPyGUhaNQTxzGx0C3nCFPCWR0Syvjk/+Uj7o=; b=ChnNGTLoLfJweQBmuhGbp1hkMHSc5ZZX1Y8vB/rAtZFozG96s/Tz6yxjJaBaWFXf1a GoEQwacA/DpMkKo8MLIxnXqUJbWbOHo6qrxbTAuiaHJ+S2zy9uBUU71r5uVZCiyNozDm QVldJEkqlThnopxI9HIV3KfZ3u1t1D98TEmbiRw9EA9+vRKq6uU+4Fz8wC3a/XnHQkFH Ki0MaQ3k7f7D0+NFpaKFHID+pHyRbnN69BD7UnScpC/xEOL1QHpMyK1ZEQJS071WNvTU h/ne08AhvnzuyU/vdf4nsnZUYCk14q58xa1pMfVFxTxe5L2yQ2TSqbBX+UhPCTJ5z3dz P9ow==
X-Gm-Message-State: AJaThX58mUlao85ITKRj5VCvVGWfnXnVBb/EXOj+sm8l5xPlDfmjc1YL YkkS/ZF2t0G/1uoeC/JWqbH5JQ==
X-Google-Smtp-Source: AGs4zMaYml5QOs/qHV6iV4Bydpo2yaPvYzNKFqylJcPFRgqMnRG1/EygBG1WnKSlhtQSWGg5KbiupA==
X-Received: by with SMTP id 95mr6166660plc.151.1510618286714; Mon, 13 Nov 2017 16:11:26 -0800 (PST)
Received: from [] ([]) by with ESMTPSA id y20sm9736403pgc.52.2017. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Nov 2017 16:11:25 -0800 (PST)
Subject: Re: IPv6 only host NAT64 requirements?
To: Philip Homburg <>,
References: <> <> <>
From: Brian E Carpenter <>
Organization: University of Auckland
Message-ID: <>
Date: Tue, 14 Nov 2017 13:11:24 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <>
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 14 Nov 2017 00:11:29 -0000

On 14/11/2017 04:35, Philip Homburg wrote:
>> I am not optimistic on the demand / need / value of dnssec in any scenario
>> ....let alone an ipv6-only host validating an ipv4-only dns name. If the
>> folks operating this service cared, they could operate the server with
>> signed v6 names.  It is more reasonable in todays internet to asked the
>> server (lets assume most signed name scenarios are servers) to be setup
>> right (with v6). There is not a compelling reason why having v6 is
>> unattainable today for named nodes.
> DNSSEC is something that works today. 

This is not the impression I get from attending IEPG meetings
and chatting in the corridors at the IETF. Also, we knew throughout
the development of NAT64/DNS64 that DNSSEC was a major stumbling block.
I don't think it is a good idea to entangle RFC6434bis with that issue.