IETF Logo Mail Archive

RE: RE: 3484bis and privacy addresses

Dave Thaler <dthaler@microsoft.com> Wed, 11 April 2012 19:18 UTC

Return-Path: <dthaler@microsoft.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A65D21F850F for <ipv6@ietfa.amsl.com>; Wed, 11 Apr 2012 12:18:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.636
X-Spam-Level:
X-Spam-Status: No, score=-103.636 tagged_above=-999 required=5 tests=[AWL=-0.037, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0KxG51I1s4R5 for <ipv6@ietfa.amsl.com>; Wed, 11 Apr 2012 12:18:02 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe002.messaging.microsoft.com [213.199.154.205]) by ietfa.amsl.com (Postfix) with ESMTP id 0E35E21F84F4 for <ipv6@ietf.org>; Wed, 11 Apr 2012 12:18:01 -0700 (PDT)
Received: from mail13-am1-R.bigfish.com (10.3.201.242) by AM1EHSOBE001.bigfish.com (10.3.204.21) with Microsoft SMTP Server id 14.1.225.23; Wed, 11 Apr 2012 19:17:54 +0000
Received: from mail13-am1 (localhost [127.0.0.1]) by mail13-am1-R.bigfish.com (Postfix) with ESMTP id 7FA3620296; Wed, 11 Apr 2012 19:17:54 +0000 (UTC)
X-SpamScore: -35
X-BigFish: VS-35(zz9371I542M1432N98dKzz1202hzz1033IL8275dhz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC107.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail13-am1: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=dthaler@microsoft.com; helo=TK5EX14HUBC107.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail13-am1 (localhost.localdomain [127.0.0.1]) by mail13-am1 (MessageSwitch) id 1334171872988970_18704; Wed, 11 Apr 2012 19:17:52 +0000 (UTC)
Received: from AM1EHSMHS004.bigfish.com (unknown [10.3.201.250]) by mail13-am1.bigfish.com (Postfix) with ESMTP id EBB2310004F; Wed, 11 Apr 2012 19:17:52 +0000 (UTC)
Received: from TK5EX14HUBC107.redmond.corp.microsoft.com (131.107.125.8) by AM1EHSMHS004.bigfish.com (10.3.207.104) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 11 Apr 2012 19:17:50 +0000
Received: from TK5EX14MLTW653.wingroup.windeploy.ntdev.microsoft.com (157.54.24.14) by TK5EX14HUBC107.redmond.corp.microsoft.com (157.54.80.67) with Microsoft SMTP Server (TLS) id 14.2.283.4; Wed, 11 Apr 2012 19:17:24 +0000
Received: from TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com ([169.254.4.253]) by TK5EX14MLTW653.wingroup.windeploy.ntdev.microsoft.com ([157.54.24.14]) with mapi id 14.02.0283.004; Wed, 11 Apr 2012 12:17:23 -0700
From: Dave Thaler <dthaler@microsoft.com>
To: Ray Hunter <v6ops@globis.net>
Subject: RE: RE: 3484bis and privacy addresses
Thread-Topic: RE: 3484bis and privacy addresses
Thread-Index: AQHNC+wBSVlewb1jE0uYOWOUBxq41JZ/ZbAAgBPdqECAAOdQAIAAkKBAgAF2ZAD//+UuwA==
Date: Wed, 11 Apr 2012 19:17:23 +0000
Message-ID: <9B57C850BB53634CACEC56EF4853FF653B50CBC2@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com>
References: <4F716D5C.40402@innovationslab.net> <4F726C9E.50107@gmail.com> <9B57C850BB53634CACEC56EF4853FF653B5054C1@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <4F83D8D0.5030402@gmail.com> <9B57C850BB53634CACEC56EF4853FF653B508719@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <4F858C32.6060709@globis.net>
In-Reply-To: <4F858C32.6060709@globis.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.90]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Apr 2012 19:18:03 -0000

> -----Original Message-----
> From: Ray Hunter [mailto:v6ops@globis.net]
> Sent: Wednesday, April 11, 2012 6:51 AM
> To: Dave Thaler
> Cc: Brian E Carpenter; ipv6@ietf.org
> Subject: Re: RE: 3484bis and privacy addresses
> 
> With all due respect to everyone concerned, there's no way an end user or IT
> department can buy a bunch of machines based on the text currently contained
> in this proposed Standard Track document and
> 
> 1) be able to predict how each machine will behave by defaultin advance of
> actually plugging it in.
> 
> 2) be able to effectively manage a machine's behaviour remotely via an IETF
> defined control mechanism, because the various MAYs and SHOULDs cannot be
> overridden by the two things that are actually reasonably well defined by the
> IETF i.e.
> the prefix policy table + draft-ietf-6man-addr-select-opt-03 for transporting that
> policy table.

I don't follow.  Can you provide a specific example of something you are concerned
about?

> 
> That suggests to me that we're not yet completely on the right track.
> 
> IMHO If there's an implementation option in 3484bis, there should always be a
> corresponding control option in the (prefix) policy table, plus a way to
> effectively transport that policy table in e.g.
> draft-ietf-6man-addr-select-opt-03.

No, the prefix policy table is for configuring a specific subset of rules (the ones
using labels and preference).  Configurability for other rules isn't part of
the "prefix policy table", but is still configurable. 

-Dave

> 
> Align and package all 3 together, and you have a far better solution.
> 
> regards,
> RayH
> 
> Dave Thaler wrote:
> > Brian Carpenter writes:
> >>> >  >  The wording I propose to add is:
> >>> >  >
> >>> >  >       "There SHOULD be an administrative option to change this
> preference, if the
> >>> >  >       implementation supports privacy addresses.  If there is no such
> option, there
> >>> >  >       MUST be an administrative option to disable privacy addresses."
> >>> >  >
> >>> >  >  -Dave
> >> >
> >> >  That works for me. Perhaps there also needs to be a general
> >> > statement in the security  considerations that all administrative changes
> and options MUST be secured against illicit use.
> >
> > Done.   Draft-02  now includes the wording above, and adds a general
> statement in the
> > security considerations section as you suggested.
> >
> > -Dave
>

v2.23.0 | Report a Bug | By Email