Re: IPv6 only host NAT64 requirements?
Ca By <cb.list6@gmail.com> Mon, 13 November 2017 03:32 UTC
Return-Path: <cb.list6@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 873BE126DCA for <ipv6@ietfa.amsl.com>; Sun, 12 Nov 2017 19:32:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level:
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0YNaFjMa55SQ for <ipv6@ietfa.amsl.com>; Sun, 12 Nov 2017 19:32:33 -0800 (PST)
Received: from mail-yw0-x235.google.com (mail-yw0-x235.google.com [IPv6:2607:f8b0:4002:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A933E126E64 for <ipv6@ietf.org>; Sun, 12 Nov 2017 19:32:33 -0800 (PST)
Received: by mail-yw0-x235.google.com with SMTP id k191so3965036ywe.1 for <ipv6@ietf.org>; Sun, 12 Nov 2017 19:32:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2JlD0LdPUFMoCpv97Kzyqd3bAaJRc/0kvJYTy2twZYg=; b=KrdyovwwD0oexH+4pGu/ELTyyYBdtlo1XddoKenp7NNx3TubpaD/miLSuuTiqvXVms wBVzqzg3wLMpVRMuUqIsqWggqTPgcvQxCg4IKF5e/aptWbV83PPlcGK/HOPnn173uctR S143VYSOLI7v81MFwPrOhUCwtPDG+jWM2mmt9WBkx2QQnvDEsCGqBT16Aqw+vV611K4u Wssh7RV4+TeEpfBEUjaKotjj601xdJ+nd0EDYzYM7IEtMx6R50lWTqX59unpTDt97uBN 28S+Yry3Cydz1s4mtBXooAyNDeY5CuGOi/B6Y/O1a0vvOCXEX5M2Bc5NQ1sw/KbE7e5/ exXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2JlD0LdPUFMoCpv97Kzyqd3bAaJRc/0kvJYTy2twZYg=; b=kKpm8kVagZtuKn8o0lkExg+aRBvvKAoVOGZ+qjc+4XLyP2R36hHNKgVAsJqn+lNgCC tyajK+Um6MDo84TwgxDUbAHJdIbNNQMTNbh1Cnsb4BBoLDbWPWQyPvnWcsgpN424bFfZ ZZQ4FXGZUXgzFsy38hpo/VCRPxuafBzBhVmiDrqEIamTo/tAg8R1vTR/pHAiRYPKfq1U otd1zshIZANAJf5FKJS1qo7M7XES6KsVKvqyAg05giGMOm2J0vDvXPyMIY+D0EXMsB8s oa+n+4muFUVcDxZIEFA180nW5M53gsXrwISHGrUgjw8AW2dQrwFlizXUAG+FZWloAES6 Mmnw==
X-Gm-Message-State: AJaThX43srbOSyIJyvurAZW4g8u5Tcw2YlprcJdZiVVYbaVusjOvuWty T+ZeuuCaUR4NPhppPPujg+nImFfRX2jN7l/y9VI=
X-Google-Smtp-Source: AGs4zMa5Qu4r0uuki/BqZkQ36WBXpB4P1tsuTLsHVBPpDDuZckrS2qw5L1TaYHDY6yS9wuTSHAx1iAJOnXNEN8k+Yw8=
X-Received: by 10.13.192.69 with SMTP id b66mr5112108ywd.336.1510543952910; Sun, 12 Nov 2017 19:32:32 -0800 (PST)
MIME-Version: 1.0
References: <6755862C-AA12-45B4-98B8-EF6D9F90898B@employees.org>
In-Reply-To: <6755862C-AA12-45B4-98B8-EF6D9F90898B@employees.org>
From: Ca By <cb.list6@gmail.com>
Date: Mon, 13 Nov 2017 03:32:22 +0000
Message-ID: <CAD6AjGRhn80LUJrut4ebDKPfFkdu3ySN8fjH_JvCjSNA-_tfYw@mail.gmail.com>
Subject: Re: IPv6 only host NAT64 requirements?
To: Ole Troan <otroan@employees.org>
Cc: 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="001a114edf34bb21ff055dd4eba7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Tk0PA77G_DbE5ymq2MFx9lG48_U>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 03:32:35 -0000
On Sun, Nov 12, 2017 at 6:51 PM Ole Troan <otroan@employees.org> wrote: > At the hackathon there was quite a bit of testing of IPv6 only hosts with > access to the IPv4 network via a NAT64. > > While many applications work well on a classic IPv6 only host, there are a > few things required to make all applications work. > > - Must be able to do NAT64 prefix discovery (RFC6052) > - Synthesise IPv6 address from an IPv4 literal (RFC7050) > > This is to be able to deal with IPv4 address literals. Which are common in > protocols like SIP/ICE/STUN. > These can be implemented directly in applications, or it can be > implemented in the host stack (although application might still have to > change). > > - Should do local DNS64 to support DNSSEC (RFC6147)(if you do validation). > > A DNS64 service in the network looks like a man in the middle attack, so > to support DNSSEC, validation should happen before synthesizing, and must > be done on the host itself. > > If this is the direction we want to go. Encourage IPv6 only host > deployments (as opposed to dual stack hosts), are these requirements we'd > like to add to the IPv6 node requirements document? Somewhere else? > I am not optimistic on the demand / need / value of dnssec in any scenario ....let alone an ipv6-only host validating an ipv4-only dns name. If the folks operating this service cared, they could operate the server with signed v6 names. It is more reasonable in todays internet to asked the server (lets assume most signed name scenarios are servers) to be setup right (with v6). There is not a compelling reason why having v6 is unattainable today for named nodes. With 20 years of experience with ipsec as an ipv6 node requirement, i think it is safe to say the IETF foisting requirents into the network layer has caused more confusion (ipv6 is more secure because everything has ipsec!) and hacks (ospfv3 ...) than actual true security benefit. > Best regards, > Ole > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- >
- IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Ca By
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Tim Chown
- Re: IPv6 only host NAT64 requirements? Ca By
- Re: IPv6 only host NAT64 requirements? Rajiv Asati (rajiva)
- Re: IPv6 only host NAT64 requirements? Tim Chown
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Philip Homburg
- Re: IPv6 only host NAT64 requirements? Philip Homburg
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Ca By
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Ca By
- Re: IPv6 only host NAT64 requirements? Ca By
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Philip Homburg
- Re: IPv6 only host NAT64 requirements? Ca By
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Philip Homburg
- Re: IPv6 only host NAT64 requirements? Lorenzo Colitti
- Re: IPv6 only host NAT64 requirements? Philip Homburg
- Re: IPv6 only host NAT64 requirements? Mark Andrews
- Re: IPv6 only host NAT64 requirements? Philip Homburg
- Re: IPv6 only host NAT64 requirements? Mark Andrews
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? Ole Troan
- IPv4 only apps [was: IPv6 only host NAT64 require… Brian E Carpenter
- Re: IPv4 only apps [was: IPv6 only host NAT64 req… Ole Troan
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv4 only apps [was: IPv6 only host NAT64 req… Brian E Carpenter
- Re: IPv4 only apps [was: IPv6 only host NAT64 req… Ole Troan
- Re: IPv6 only host NAT64 requirements? Michael Richardson
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Philip Homburg
- Re: IPv6 only host NAT64 requirements? Michael Richardson
- Re: IPv6 only host NAT64 requirements? Lorenzo Colitti
- Re: IPv6 only host NAT64 requirements? Mark Andrews
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Ca By
- Re: IPv6 only host NAT64 requirements? Jen Linkova
- Re: IPv6 only host NAT64 requirements? Erik Kline
- Re: IPv6 only host NAT64 requirements? Jen Linkova
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- Re: IPv6 only host NAT64 requirements? Mark Andrews
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- RE: IPv6 only host NAT64 requirements? mohamed.boucadair
- Re: IPv6 only host NAT64 requirements? james woodyatt
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? james woodyatt
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? james woodyatt
- Re: IPv6 only host NAT64 requirements? Ca By
- Re: IPv6 only host NAT64 requirements? james woodyatt
- RE: IPv6 only host NAT64 requirements? mohamed.boucadair
- RE: IPv6 only host NAT64 requirements? mohamed.boucadair
- PCP, and 6434bis (was Re: IPv6 only host NAT64 re… Tim Chown
- Re: PCP, and 6434bis (was Re: IPv6 only host NAT6… Ca By
- Re: PCP, and 6434bis (was Re: IPv6 only host NAT6… Tim Chown
- Re: PCP, and 6434bis (was Re: IPv6 only host NAT6… Ca By
- Re: PCP, and 6434bis (was Re: IPv6 only host NAT6… james woodyatt
- Re: IPv6 only host NAT64 requirements? Michael Richardson
- Re: PCP, and 6434bis (was Re: IPv6 only host NAT6… Michael Richardson
- Re: PCP, and 6434bis (was Re: IPv6 only host NAT6… james woodyatt
- Re: PCP, and 6434bis (was Re: IPv6 only host NAT6… Mark Andrews
- RE: IPv6 only host NAT64 requirements? mohamed.boucadair
- Re: IPv6 only host NAT64 requirements? Jen Linkova
- Re: IPv6 only host NAT64 requirements? Fred Baker
- Re: IPv6 only host NAT64 requirements? Fred Baker
- RE: IPv6 only host NAT64 requirements? mohamed.boucadair
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: PCP, and 6434bis (was Re: IPv6 only host NAT6… Tim Chown
- Re: IPv6 only host NAT64 requirements? james woodyatt
- Re: IPv6 only host NAT64 requirements? Jen Linkova
- Re: PCP, and 6434bis (was Re: IPv6 only host NAT6… Fernando Gont
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Mikael Abrahamsson
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- Re: IPv6 only host NAT64 requirements? Simon Hobson
- Re: IPv6 only host NAT64 requirements? Ca By
- Re: IPv6 only host NAT64 requirements? Mikael Abrahamsson
- Re: IPv6 only host NAT64 requirements? Mark Andrews
- Re: IPv6 only host NAT64 requirements? Mikael Abrahamsson
- RE: IPv6 only host NAT64 requirements? mohamed.boucadair
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Ole Troan
- RE: IPv6 only host NAT64 requirements? mohamed.boucadair
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Mark Andrews
- Re: IPv6 only host NAT64 requirements? Ole Troan
- RE: IPv6 only host NAT64 requirements? mohamed.boucadair
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Michael Richardson
- Re: IPv6 only host NAT64 requirements? Alexandre Petrescu
- Re: IPv6 only host NAT64 requirements? Ole Troan
- RE: IPv6 only host NAT64 requirements? mohamed.boucadair
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- RE: IPv6 only host NAT64 requirements? Manfredi, Albert E
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- Re: IPv6 only host NAT64 requirements? Jen Linkova
- Re: IPv6 only host NAT64 requirements? Jen Linkova
- RE: IPv6 only host NAT64 requirements? Manfredi, Albert E
- Re: IPv6 only host NAT64 requirements? Lee Howard
- Re: IPv6 only host NAT64 requirements? Lee Howard
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? Ole Troan
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? Mark Andrews
- RE: IPv6 only host NAT64 requirements? Masanobu Kawashima
- Re: IPv6 only host NAT64 requirements? Mikael Abrahamsson
- Re: IPv6 only host NAT64 requirements? Mikael Abrahamsson
- Re: IPv6 only host NAT64 requirements? Jen Linkova
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- Re: IPv6 only host NAT64 requirements? Ola Thoresen
- Re: IPv6 only host NAT64 requirements? JORDI PALET MARTINEZ
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter
- Re: IPv6 only host NAT64 requirements? Alexandre Petrescu
- Re: IPv6 only host NAT64 requirements? Ca By
- Re: IPv6 only host NAT64 requirements? Brian E Carpenter