Re: [renum] Working Group Last Call: draft-ietf-6renum-enterprise-02.txt
RJ Atkinson <rja.lists@gmail.com> Wed, 19 September 2012 15:18 UTC
Return-Path: <rja.lists@gmail.com>
X-Original-To: renum@ietfa.amsl.com
Delivered-To: renum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3A3B21F86AD for <renum@ietfa.amsl.com>; Wed, 19 Sep 2012 08:18:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SyOPrmxeDQyG for <renum@ietfa.amsl.com>; Wed, 19 Sep 2012 08:18:52 -0700 (PDT)
Received: from mail-qa0-f51.google.com (mail-qa0-f51.google.com [209.85.216.51]) by ietfa.amsl.com (Postfix) with ESMTP id C747221F8643 for <renum@ietf.org>; Wed, 19 Sep 2012 08:18:48 -0700 (PDT)
Received: by qadz3 with SMTP id z3so1124708qad.10 for <renum@ietf.org>; Wed, 19 Sep 2012 08:18:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:date:message-id :to:mime-version:x-mailer; bh=M8goUEg5D95OOgTFRKfl4iPVRwXHlbuVlh9+SO5wiZQ=; b=dvjh3TtQsDuIA2F5jVp2e0myM1SQxmbQxLSizX4pz2su3G319nj1LXNnbLa/K7v7WT 4Wyr7W6ddGaT6f/gMySdKZbyTjUrtEyipR8Xwn+MZHXdJ6CY/F+6Ja03mS+wvRXGVI7G iq96lCFMSNxGoa3XLPyFBMZV5SDeVzIirXGtVaAZgeGzfHmIdnjB66QoSktcTk+AO84v xFzXjTHnAPpQEaKnmsD3VEwq+Rs2AB3g1QfCG7gL0vm4QGRaaJLJPma4xZe+oyk4mcZO KR2RmABhfpkUdj2w1+46OXFgqm+/se22NiiKZXR5DUvxi5qZAkDMfiSzf/tbpwk26xRo ZwBw==
Received: by 10.224.71.74 with SMTP id g10mr715941qaj.34.1348067928257; Wed, 19 Sep 2012 08:18:48 -0700 (PDT)
Received: from [10.30.20.13] (pool-74-110-100-136.nrflva.fios.verizon.net. [74.110.100.136]) by mx.google.com with ESMTPS id dp3sm4285862qab.21.2012.09.19.08.18.46 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 19 Sep 2012 08:18:47 -0700 (PDT)
From: RJ Atkinson <rja.lists@gmail.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 19 Sep 2012 11:18:45 -0400
Message-Id: <2709B191-EA6F-44E7-9537-19175DC8AD01@gmail.com>
To: renum@ietf.org
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
Subject: Re: [renum] Working Group Last Call: draft-ietf-6renum-enterprise-02.txt
X-BeenThere: renum@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Renumbering discussion mailing list." <renum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/renum>, <mailto:renum-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/renum>
List-Post: <mailto:renum@ietf.org>
List-Help: <mailto:renum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/renum>, <mailto:renum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Sep 2012 15:18:53 -0000
I am not a member of the Renum mailing list, but I have a few comments on this draft. General: It would be helpful to use "might" when one means "possibility" and only use "may" when one means "permission". In several places the meaning is a bit unclear, because "may" gets used in different ways in different parts of the document. A little editing would help readability. Section 4.1, "Usage of FQDN", 2nd paragraph: Please cite the mDNS and DNS-SD specifications, which are in the RFC Editor's publication queue, and add them to the REFERENCES section. Section 4.2, page 10, "Reduce the DNS configuration lifetime": The section should note that it is practical and reasonable for A, AAAA, and PTR records to be configured with very short DNS TTL values (e.g. 0 seconds, 1 second), not only during renumbering events, but also for longer-term operation. Recent experimental work done at U. St Andrews [BA2011] has verified much earlier trace-driven simulation research done at MIT which noted that DNS caching is not really very effective. [JSBM2002] [BA2011] S. Bhatti, R. Atkinson, "Reducing DNS Caching", Proc. 14th IEEE Global Internet Symposium (GI2011), Shanghai, China. 15 April 2011. [JSBM2002] J. Jung, E. Sit, H. Balakrishnan, & R. Morris, "DNS Performance and the Effectiveness of Caching", IEEE/ACM Trans. Netw., 10(5):589–603, 2002. Section 4.3, page 12, "DNS record update and DNS configuration": See previous comment above about running DNS with very short TTLs. Section 4.3, page 12, "Tunnel concentrator renumbering": It is NOT correct that IPsec necessarily will fail when a tunnel concentrator is renumbered. As noted in RFC-5887, Section 5.2, IPsec works fine and adapts to renumbering provided that any non IP-address name is used for identity in one's IPsec key management system (e.g. with IKEv1, IKEv2; conceptually also Kerberos). RFC-4306, Section 3.5 lists several non-IP-address name types (ID_FQDN, ID_RFC822_ADDR, ID_DER_ASN1_DN, ID_DER_ASN1_GN, ID_KEY_ID), each of which would be sufficient to provide IPsec resilience in the event of an IP address renumbering event. A similar set of non-IP-address identities was earlier defined for IKEv1, so this is NOT something new with IKEv2. Separately, RFC-2230 defines the KX record, which could be used to help locate the domain-name for a IPsec VPN concentrator associated with a site's domain name. Thanks, Ran
- [renum] Working Group Last Call: draft-ietf-6renu… Howard, Lee
- Re: [renum] Working Group Last Call: draft-ietf-6… Fuyu (Eleven)
- Re: [renum] Working Group Last Call: draft-ietf-6… George, Wes
- Re: [renum] Working Group Last Call: draft-ietf-6… RJ Atkinson
- Re: [renum] Working Group Last Call: draft-ietf-6… Sheng Jiang
- Re: [renum] Working Group Last Call: draft-ietf-6… Gaurav Halwasia (ghalwasi)