Re: PCP, and 6434bis (was Re: IPv6 only host NAT64 requirements?)
Ca By <cb.list6@gmail.com> Thu, 16 November 2017 18:26 UTC
From: Ca By <cb.list6@gmail.com>
Date: Thu, 16 Nov 2017 18:26:35 +0000
Message-ID: <CAD6AjGR3ZORGCz-71VBPTmC16xQjeHYEiYngC2KV126XE1zTPQ@mail.gmail.com>
Subject: Re: PCP, and 6434bis (was Re: IPv6 only host NAT64 requirements?)
To: Tim Chown <Tim.Chown@jisc.ac.uk>
Cc: 6man WG <ipv6@ietf.org>, Mark Andrews <marka@isc.org>, Ole Troan <otroan@employees.org>, james woodyatt <jhw@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/zGd23vFsbh12scciIdYJ8iK91k4>

On Thu, Nov 16, 2017 at 7:26 AM Tim Chown <Tim.Chown@jisc.ac.uk> wrote:

>
> On 16 Nov 2017, at 12:42, Ca By <cb.list6@gmail.com> wrote:
> >
> > On Thu, Nov 16, 2017 at 1:53 AM Tim Chown <Tim.Chown@jisc.ac.uk> wrote:
> > Hi,
> >
> > > On 15 Nov 2017, at 23:04, james woodyatt <jhw@google.com> wrote:
> > >
> > > On Nov 15, 2017, at 13:47, Ole Troan <otroan@employees.org> wrote:
> > >>
> > >>>> IMHO the optimal solution is:
> > >>>> - the network SHOULD provide a host with NAT64 prefix information in RA;
> > >>>
> > >>> Disagree. If the network has NAT64, then it should deploy RFC 7225. Ye gods, this is the very last thing that should be jammed into RA messages.
> > >>
> > >> Do we really want PCP in IPv6?
> > >
> > > If we have any kind of NAT, then we need PCP. Using NAT without PCP considered harmful. That goes for NAT64 and NAT66.
> >
> > And PCP is still needed to negotiate firewall holes in a pure IPv6 scenario, isn’t it? Assuming the host with PCP is behind Simple Security.
> >
> > A question: is this something we should consider for RFC6434-bis, or should we be silent on PCP?
> >
> > No
> >
> > >> Is PCP successful in IPv4?
> > >
> > > Well, there was this: <https://www.ietf.org/proceedings/88/slides/slides-88-pcp-5.pdf>
> > >
> > >> Or does it even work well with A+P based solutions?
> > >
> > > Designed expressly for it.
> >
> > I assumed PCP was designed with an eye firmly on future routed home networks where firewall holes need to be opened. What is the alternative?
> >
> > The alternative is secure host and no firewall. There is no firewall at the ietf conference right now, right? Are you secure? Is there a malware outbreak?
>
> Yet in practice pretty much every ISP deploying IPv6 to residential is doing so with RFC 6092, or stricter. Perhaps with a toggle to turn off firewalling, but that’s the reality.
>

Yes, security FUD marketing is very real

Speaking for one largish mobile network ipv6 deployment, we have not had any issues related to lack of stateful traffic inspection in the last 4 years of ipv6 deployment.

So if we are doing a science experiment, we have a control group which has fared the same as the experimental group.

I will accept landlines are a slightly different animal.

> OTOH it seems that PCP support in hosts / CPEs isn't exactly widespread.
>
> > The fatal flaw in PCP (aside from the name) is that it assumes the host needs protection yet it gives the host the power to control the firewall. Next gen malware will come via email (just like today), it will encrypt your hard drive, and then setup a c2 network on your pc via pcp controls. Sad!
>
> True, and that happens with UPnP today...
>
> Tim
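
Editorial example, added here and not part of the message or the thread: since the exchange turns on hosts being able to open their own firewall pinholes with PCP, this Python sketch shows how a gateway operator could audit PCP MAP requests (RFC 6887 request layout, sent to UDP port 5351) against an allowlist. The function names, the allowlist and the sample packets are all assumptions constructed for illustration.

```python
import ipaddress
import struct

OPCODE_MAP = 1  # RFC 6887 MAP opcode: asks for an inbound mapping / pinhole

def parse_pcp_map_request(payload):
    """Return the fields of a PCP (version 2) MAP request, or None."""
    if len(payload) < 60:  # 24-byte common header + 36-byte MAP body
        return None
    version, r_opcode, _reserved, lifetime = struct.unpack_from("!BBHI", payload, 0)
    if version != 2 or (r_opcode & 0x80) or (r_opcode & 0x7F) != OPCODE_MAP:
        return None  # other version, a response (R bit set), or another opcode
    client = ipaddress.IPv6Address(payload[8:24])
    # MAP body: 12-byte nonce, protocol, 3 reserved bytes, internal port, external port
    protocol, internal_port, external_port = struct.unpack_from("!B3xHH", payload, 36)
    return {
        "client": str(client.ipv4_mapped or client),  # IPv4 clients are ::ffff:a.b.c.d
        "protocol": protocol,
        "internal_port": internal_port,
        "suggested_external_port": external_port,
        "lifetime": lifetime,  # 0 means "delete this mapping"
    }

def unapproved_map_requests(payloads, allowed):
    """Return parsed MAP requests whose (client, protocol, port) is not in allowed."""
    findings = []
    for payload in payloads:
        req = parse_pcp_map_request(payload)
        if req is None or req["lifetime"] == 0:
            continue
        if (req["client"], req["protocol"], req["internal_port"]) not in allowed:
            findings.append(req)
    return findings

def build_sample(client, protocol, port, lifetime=3600, response=False):
    """Construct a test packet; not captured traffic."""
    header = struct.pack("!BBHI", 2, OPCODE_MAP | (0x80 if response else 0), 0, lifetime)
    header += ipaddress.IPv6Address(client).packed
    body = bytes(12) + struct.pack("!B3xHH", protocol, port, port) + bytes(16)
    return header + body

# Constructed sample traffic (documentation prefixes) and a hypothetical allowlist.
SAMPLES = [
    build_sample("2001:db8::10", 6, 443),                    # approved server
    build_sample("2001:db8::66", 6, 4444),                   # nobody approved this
    build_sample("::ffff:192.0.2.5", 17, 5060, lifetime=0),  # mapping delete
    build_sample("2001:db8::66", 6, 4444, response=True),    # server response
]
ALLOWED = {("2001:db8::10", 6, 443)}

if __name__ == "__main__":
    for finding in unapproved_map_requests(SAMPLES, ALLOWED):
        print("unapproved PCP MAP request:", finding)
```

Logging every accepted MAP request with its client address and lifetime gives responders a record of which host asked for which inbound port, independent of what the host itself reports.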