Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

Gyan Mishra <hayabusagsm@gmail.com> Wed, 08 May 2019 01:53 UTC

Cc: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>, ipv6@ietf.org
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/i77-xd-HR6RVgn4HFP37B5iFm-s>

Phil

My take initially on this was not supporting due to some of the reasons mentioned.

I really think this IPv6 only flag is futuristic and understand it takes time for OS vendors to implement the flag which is the reason stated to introduce now versus waiting to hit a tipping point towards IPv6 only.

I am glad that we added the option to disable the flag and only enable when ready and on managed networks as I agree on unmanaged this flag really does not apply.

We should make the default for the flag disabled for all OSes and at the administrator's or operator's guidance to enable as necessary, which completely makes sense and does help eliminate a lot of the issues brought up in this thread and in essence “defers” the option for future use cases on managed networks only.

Doing so we get the best of both worlds eliminating issues and security vulnerabilities as well as other cons of this flag introducing now and allows the OS vendors to have a long enough lead time to introduce the flag for when managed networks may be ready to use in the foreseeable future.

In the security section of this draft if we can we add some recommendations for first hop security to protect IPv6 only networks using any DHCPv6 stateful or stateless scenario combinations using security features such as IPv6 snooping, IPv6 source guard to deny traffic from unknown sources and RA guard to only allow RA to be sent from the trusted L2 uplinks to the FHRP routers on the subnet.
Sent from my iPhone

> On May 7, 2019, at 2:33 PM, Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote:
> 
>> On 7 May 2019, at 18:21, Philip Homburg wrote:
>> 
>> But nobody is doing any work on what IPv4 should look like in the future.
> 
> You mean inside the IETF given sunset4 was concluded without conclusion?
> 
> 
> What does SNA, Frame Relay, FDDI, Token Ring, … ok bad examples … what does IPX/SPX, Appletalk, VINES IP, XNS, NetBIOS, .. look like today?  Should we assume IPv4 will have a different fate?
> 
> /bz
> 