Re: AD Evaluation : draft-ietf-6man-ra-pref64-06

Lorenzo Colitti <lorenzo@google.com> Sat, 02 November 2019 04:03 UTC

From: Lorenzo Colitti <lorenzo@google.com>
Date: Sat, 2 Nov 2019 13:02:55 +0900
Message-ID: <CAKD1Yr1vOqTvEsv0oCm+bu7CkFwiyFv8_G1XM+4JAKYLoA21aA@mail.gmail.com>
Subject: Re: AD Evaluation : draft-ietf-6man-ra-pref64-06
To: Suresh Krishnan <Suresh@kaloom.com>
Cc: draft-ietf-6man-ra-pref64@ietf.org, IETF IPv6 Mailing List <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/SupZvIcw4-2rncGeNteKp5Dp61E>

On Sat, 2 Nov 2019, 12:49 Suresh Krishnan, <Suresh@kaloom.com> wrote:

> Please use a documentation prefix, say 192.0.2.0/24, instead of the
> RFC1918 address currently used in the example.
>

Are you sure this would be an improvement? The example would become less
realistic because 1) 192.0.2.0/24 is a /24 and subnetting a /24 is unusual,
and 2) it seems like a reasonable thing to do to route private space to a
different NAT.

Is there a larger documentation prefix than 192.0.2.0/24?

> * Section 7
>
> PvD: Define before use and add a reference to
> [draft-ietf-intarea-provisioning-domains]
>

A better reference might be RFC7556.

> "Providing all
>    configuration in Router Advertisements increases security by ensuring
>    that no other protocols can be abused by malicious attackers to
>    provide hosts with invalid configuration."
>
> This is not strictly true, right? e.g. Someone can still use PCP to
> override the Pref64 information from the RA. Suggest rewording to something
> like this


Well, only if nodes implemented the PCP method, which they don't... but
yes, this is true in theory.