[shim6] draft-garcia-shim6-applicability-01

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 11 October 2011 00:48 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: shim6@ietfa.amsl.com
Delivered-To: shim6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BC8121F8C98 for <shim6@ietfa.amsl.com>; Mon, 10 Oct 2011 17:48:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.449
X-Spam-Level:
X-Spam-Status: No, score=-103.449 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xsx3lk3RmuCC for <shim6@ietfa.amsl.com>; Mon, 10 Oct 2011 17:48:46 -0700 (PDT)
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com [209.85.216.179]) by ietfa.amsl.com (Postfix) with ESMTP id 7AE4B21F8C91 for <shim6@ietf.org>; Mon, 10 Oct 2011 17:48:46 -0700 (PDT)
Received: by qyk33 with SMTP id 33so5146776qyk.10 for <shim6@ietf.org>; Mon, 10 Oct 2011 17:48:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=L8mEtpyjGun9US9kEVWgCXtj0NFQqtQzq2YWt1AQmmg=; b=e9Ariny5iCYWhBQ7zd0nMTVYpY+93qQaLoRQYhOLL76MDYkEbvguShBiJsHLns67Nv d1IpLRnvbR+im2lMnxdMrjFNGiI1N+/11UKj/rDBuh/DjdP11lWf0rlh6BJ9tcznA9nO qelAX+q9CT6BQvdvt6ofUxRbgtMG0pYkOSGdw=
Received: by 10.229.179.165 with SMTP id bq37mr2399594qcb.193.1318294123951; Mon, 10 Oct 2011 17:48:43 -0700 (PDT)
Received: from [130.216.38.124] (stf-brian.sfac.auckland.ac.nz. [130.216.38.124]) by mx.google.com with ESMTPS id bz6sm25162866qab.22.2011.10.10.17.48.40 (version=SSLv3 cipher=OTHER); Mon, 10 Oct 2011 17:48:43 -0700 (PDT)
Message-ID: <4E939270.5070909@gmail.com>
Date: Tue, 11 Oct 2011 13:48:48 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: =?UTF-8?B?QWxiZXJ0byBHYXJjw61h?= <alberto@it.uc3m.es>
References: <20110901110629.557.88536.idtracker@ietfa.amsl.com> <4E8CCE44.3070808@gmail.com> <00fb01cc875a$4500f9c0$cf02ed40$@it.uc3m.es>
In-Reply-To: <00fb01cc875a$4500f9c0$cf02ed40$@it.uc3m.es>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat@tools.ietf.org, shim6@ietf.org
Subject: [shim6] draft-garcia-shim6-applicability-01
X-BeenThere: shim6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SHIM6 Working Group Mailing List <shim6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shim6>, <mailto:shim6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/shim6>
List-Post: <mailto:shim6@ietf.org>
List-Help: <mailto:shim6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shim6>, <mailto:shim6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2011 00:48:47 -0000

Hi Alberto, thanks for the new draft. Comments in line...

On 2011-10-11 03:38, Alberto García wrote:
> Hi Brian,
> Thanks for your suggestion + comments.
> Answers inline...
> 
> |  -----Mensaje original-----
> |  De: shim6-bounces@ietf.org [mailto:shim6-bounces@ietf.org] En nombre
> |  de Brian E Carpenter
> |  Enviado el: miércoles, 05 de octubre de 2011 23:38
> |  Para: draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat@tools.ietf.org
> |  CC: shim6-wg
> |  Asunto: Re: [shim6] I-D Action: draft-garcia-shim6-applicability-00.txt
> |  
> |  Hi,
> |  
> |  Thanks for updating this draft. I have one suggestion and then some
> |  comments.
> |  
> |  The suggestion is to add a section at the end, just before the Security
> |  section, summarising the unsolved issues for shim6 deployment that can be
> |  found in the text. For example it seems that use of HBA or CGA is
> 
> Well, I'm not really convinced that summarising the unsolved issues would be
> good for the document. I think the whole document is a contextualized
> discussion of 
> - advantages, 
> - unsolved issues and 
> - things that could be solved but are not yet, 
> around Shim6 operation. I'm not sure that extracting the issues (without its
> explanation) in a section would improve readability. 

That's a matter of taste. One cannot tell from the list of contents
which aspects lead to potential problems; since we can't assume that
everybody reads every line, I think a summary of the issues would be
very useful.

> 
> |  incompatible with using DHCPv6 for address assignment, which is probably
> |  quite a problem. (I also wonder whether the Security section should
> |  mention this.)
> 
> This issue is described in some detail in section 3.3, in which it is
> commented that HBAs could be easily configured by DHCP, but configuring CGAs
> in this way would be problematic. (By the way, I've renamed section 3.3 to
> "Address Generation and Configuration", instead of just "Address Generation"
> as it was, since it also discusses configuration.)

Exactly. The details are in 3.3, for people who read everything...

> To include a comment on CGA/HBA address configuration this in the Security
> Considerations section, I think the best way is to add in the third
> paragraph, which discusses the protection provided by the use of CGA/HBA,
> the following text:
> 'Note that for nodes using CGA addresses, security depends on the secure
> handling of the private key associated to the signature and validation of
> locators. In particular, any address configuration method MUST assure that
> the private key remains secret, as discussed in section 3.3.' 

Sure, that's good.

> 
> |  
> |  The comment is that, clearly, exit selection is an unsolved problem.
> |  You do point out that REAP will eliminate address pairs for which correct
> |  exit selection fails, but how about the various techniques described in
> |  draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat?
> |  Also, I suspect that shim6 interactions with MIF and HOMENET need to be
> |  investigated - maybe not in this draft, but they could be mentioned as
> open
> |  issues.
> 
> I think this comment raises quite interesting issues. I've been browsing the
> MIF, HOMENET wg documents, and
> draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat, and I have included new
> text to address some topics related with them (or at least, topics which
> were inspired by reading this documents).
> - Regarding to exit selection, I've changed the section named 'Shim6 and
> Ingress Filtering' to another named 'Shim6 in Multihomed Nodes'. Now the
> section comments briefly the problems identified in
> draft-ietf-mif-problem-statement, and discusses how Shim6 could interact
> with some of the solutions presented in
> draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat. I removed the previous
> discussion on a source-routing solution for exit selection, since I think
> the document should not discuss solutions to problems with broader scope
> than Shim6.

I agree. This is a general problem and I am glad to see it being
tackled in various other drafts.

> - I've added a new subsection named 'Shim6 and Firewalls' in the
> 'Interaction with Other Protocols and Mechanisms' section. In short,
> filtering based in the state created from outgoing packets is problematic
> for remote nodes changing the locators.

Good.

> - I've added a new subsection named 'Shim6 and IPv6 NAT' after the firewall
> section. In short, IPv6 NATs may allow communicating with the ULID pair
> (with the initial locators), but communication will break with some cases in
> which locators are changed.


Please please change this to refer to *prefix* translation and RFC 6296.
Although that RFC is only Experimental, the idea is to show that the
prefix translation (not NAPT) is all we need for IPv6.

Regards
   Brian

> Since there are many changes, I have generated a new version of the draft:
> https://datatracker.ietf.org/doc/draft-garcia-shim6-applicability/
> 
> What do you think? 
> 
> Thanks,
> Alberto
> 
> |  
> |  In any case I support this draft going forward to the AD quite soon.
> |  
> |  Regards
> |     Brian Carpenter
> |  
> |  
> |  
> |  
> |  On 2011-09-01 23:06, internet-drafts@ietf.org wrote:
> |  > A New Internet-Draft is available from the on-line Internet-Drafts
> |  directories.
> |  >
> |  > 	Title           : Applicability Statement for the Level 3
> Multihoming
> |  Shim Protocol (Shim6)
> |  > 	Author(s)       : Joe Abley
> |  >                           Marcelo Bagnulo
> |  >                           Alberto Garcia-Martinez
> |  > 	Filename        : draft-garcia-shim6-applicability-00.txt
> |  > 	Pages           : 22
> |  > 	Date            : 2011-09-01
> |  >
> |  >    This document discusses the applicability of the Shim6 IPv6 protocol
> |  >    and associated support protocols and mechanisms to provide site
> |  >    multihoming capabilities in IPv6.
> |  >
> |  >
> |  > A URL for this Internet-Draft is:
> |  > http://www.ietf.org/internet-drafts/draft-garcia-shim6-applicability-0
> |  > 0.txt
> |  >
> |  > Internet-Drafts are also available by anonymous FTP at:
> |  > ftp://ftp.ietf.org/internet-drafts/
> |  >
> |  > This Internet-Draft can be retrieved at:
> |  > ftp://ftp.ietf.org/internet-drafts/draft-garcia-shim6-applicability-00
> |  > .txt _______________________________________________
> |  > I-D-Announce mailing list
> |  > I-D-Announce@ietf.org
> |  > https://www.ietf.org/mailman/listinfo/i-d-announce
> |  > Internet-Draft directories: http://www.ietf.org/shadow.html or
> |  > ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> |  >
> |  _______________________________________________
> |  shim6 mailing list
> |  shim6@ietf.org
> |  https://www.ietf.org/mailman/listinfo/shim6
> 
>