Re: IPv6 only host NAT64 requirements?

Ole Troan <otroan@employees.org> Tue, 14 November 2017 02:50 UTC

From: Ole Troan <otroan@employees.org>
Message-Id: <BDE1F599-6BF1-4FC1-AA2E-F55A556FB183@employees.org>
Subject: Re: IPv6 only host NAT64 requirements?
Date: Tue, 14 Nov 2017 10:50:19 +0800
In-Reply-To: <24403.1510627646@obiwan.sandelman.ca>
Cc: Ca By <cb.list6@gmail.com>, 6man WG <ipv6@ietf.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <6755862C-AA12-45B4-98B8-EF6D9F90898B@employees.org> <6445323B-FFE4-4A3E-9EFB-9F4D05BED0D5@jisc.ac.uk> <48E76543-3DD4-43E8-9B50-5CC4D9D76A2F@cisco.com> <7C928B66-8D07-42A0-9168-617E2978227F@jisc.ac.uk> <CAD6AjGQdenKMxQ6KBeBGzTu6fAtR9d_x7HuSPYVATcKEOdmNUQ@mail.gmail.com> <24403.1510627646@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/wHW0q0L7sLuLE8L2DlOVSLdt7H0>

Michael,

>> I have a network with 10s of millions of ipv6-only nodes, none of
>> which can do dnssec (neither android nor ios support it) and the
>> implication that these nodes are no longer ipv6 since they don't do
>> dnssec is ludicrous.
> 
> If you want to do DNSSEC validation, and there is a possibility of NAT64,
> then you need to do the DNS64 locally.
> 
> If you aren't doing DNSSEC now, then it won't matter.
> When you add DNSSEC, then you have to do NAT64 prefix discovery, and DNS64.

Could you speculate on how much of this should go in the host and thereby are candidates for host requirements and how much belongs in the application?

Best regards,
Ole

Btw: Your key has expired. ;-)
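
Added example, not part of the original message: a sketch of the two host-side steps named in the quoted text, NAT64 prefix discovery (RFC 7050, via AAAA answers for ipv4only.arpa) and local DNS64 synthesis (RFC 6052) from an A record the host has already DNSSEC-validated. The function names and sample answers are constructed for illustration; the DNS lookup and the validation itself are assumed to happen elsewhere.

```python
import ipaddress

# RFC 7050 well-known IPv4 addresses published as A records for ipv4only.arpa
WKAS = {ipaddress.IPv4Address("192.0.0.170").packed,
        ipaddress.IPv4Address("192.0.0.171").packed}
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)  # RFC 6052 section 2.2


def _v4_positions(plen):
    """Byte offsets holding the IPv4 address; byte 8 (the 'u' octet) is skipped."""
    return [i for i in range(plen // 8, 16) if i != 8][:4]


def discover_prefixes(aaaa_answers):
    """Derive NAT64 prefixes from AAAA answers for ipv4only.arpa (RFC 7050).

    ipv4only.arpa has no real AAAA record, so any AAAA answer was
    synthesized by a DNS64 and embeds one of the well-known addresses.
    """
    found = set()
    for text in aaaa_answers:
        raw = ipaddress.IPv6Address(text).packed
        for plen in PREFIX_LENGTHS:
            if bytes(raw[i] for i in _v4_positions(plen)) in WKAS:
                # strict=False masks everything after the prefix bits
                found.add(ipaddress.IPv6Network((raw, plen), strict=False))
    return sorted(found)


def synthesize(prefix, ipv4):
    """Local DNS64: embed an A record the host validated itself (RFC 6052)."""
    if prefix.prefixlen not in PREFIX_LENGTHS:
        raise ValueError("not an RFC 6052 prefix length")
    raw = bytearray(prefix.network_address.packed)
    for pos, octet in zip(_v4_positions(prefix.prefixlen),
                          ipaddress.IPv4Address(ipv4).packed):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))


if __name__ == "__main__":
    # Constructed sample: what a DNS64 using the well-known prefix would return
    answers = ["64:ff9b::c000:aa", "64:ff9b::c000:ab"]
    for net in discover_prefixes(answers):
        print(net, synthesize(net, "192.0.2.33"))
```

Because the synthesized AAAA is built on the host from a validated A record, the unsigned answer a network DNS64 would have returned never has to pass validation.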