[shim6] draft-garcia-shim6-applicability-01
Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 11 October 2011 00:48 UTC
Date: Tue, 11 Oct 2011 13:48:48 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
To: Alberto García <alberto@it.uc3m.es>
Cc: draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat@tools.ietf.org, shim6@ietf.org
Subject: [shim6] draft-garcia-shim6-applicability-01

Hi Alberto,

thanks for the new draft. Comments in line...

On 2011-10-11 03:38, Alberto García wrote:
> Hi Brian,
> Thanks for your suggestion + comments.
> Answers inline...
>
> | -----Original Message-----
> | From: shim6-bounces@ietf.org [mailto:shim6-bounces@ietf.org] On behalf
> | of Brian E Carpenter
> | Sent: Wednesday, 05 October 2011 23:38
> | To: draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat@tools.ietf.org
> | CC: shim6-wg
> | Subject: Re: [shim6] I-D Action: draft-garcia-shim6-applicability-00.txt
> |
> | Hi,
> |
> | Thanks for updating this draft. I have one suggestion and then some
> | comments.
> |
> | The suggestion is to add a section at the end, just before the Security
> | section, summarising the unsolved issues for shim6 deployment that can be
> | found in the text. For example it seems that use of HBA or CGA is
>
> Well, I'm not really convinced that summarising the unsolved issues would be
> good for the document. I think the whole document is a contextualized
> discussion of
> - advantages,
> - unsolved issues and
> - things that could be solved but are not yet,
> around Shim6 operation. I'm not sure that extracting the issues (without its
> explanation) in a section would improve readability.

That's a matter of taste. One cannot tell from the list of contents
which aspects lead to potential problems; since we can't assume that
everybody reads every line, I think a summary of the issues would be
very useful.

>
> | incompatible with using DHCPv6 for address assignment, which is probably
> | quite a problem. (I also wonder whether the Security section should
> | mention this.)
>
> This issue is described in some detail in section 3.3, in which it is
> commented that HBAs could be easily configured by DHCP, but configuring CGAs
> in this way would be problematic. (By the way, I've renamed section 3.3 to
> "Address Generation and Configuration", instead of just "Address Generation"
> as it was, since it also discusses configuration.)

Exactly. The details are in 3.3, for people who read everything...

> To include a comment on CGA/HBA address configuration in the Security
> Considerations section, I think the best way is to add in the third
> paragraph, which discusses the protection provided by the use of CGA/HBA,
> the following text:
> 'Note that for nodes using CGA addresses, security depends on the secure
> handling of the private key associated to the signature and validation of
> locators. In particular, any address configuration method MUST assure that
> the private key remains secret, as discussed in section 3.3.'

Sure, that's good.

>
> |
> | The comment is that, clearly, exit selection is an unsolved problem.
> | You do point out that REAP will eliminate address pairs for which correct
> | exit selection fails, but how about the various techniques described in
> | draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat?
> | Also, I suspect that shim6 interactions with MIF and HOMENET need to be
> | investigated - maybe not in this draft, but they could be mentioned as
> | open issues.
>
> I think this comment raises quite interesting issues. I've been browsing the
> MIF, HOMENET wg documents, and
> draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat, and I have included new
> text to address some topics related with them (or at least, topics which
> were inspired by reading these documents).
> - Regarding to exit selection, I've changed the section named 'Shim6 and
> Ingress Filtering' to another named 'Shim6 in Multihomed Nodes'. Now the
> section comments briefly the problems identified in
> draft-ietf-mif-problem-statement, and discusses how Shim6 could interact
> with some of the solutions presented in
> draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat. I removed the previous
> discussion on a source-routing solution for exit selection, since I think
> the document should not discuss solutions to problems with broader scope
> than Shim6.

I agree. This is a general problem and I am glad to see it being
tackled in various other drafts.

> - I've added a new subsection named 'Shim6 and Firewalls' in the
> 'Interaction with Other Protocols and Mechanisms' section. In short,
> filtering based in the state created from outgoing packets is problematic
> for remote nodes changing the locators.

Good.

> - I've added a new subsection named 'Shim6 and IPv6 NAT' after the firewall
> section. In short, IPv6 NATs may allow communicating with the ULID pair
> (with the initial locators), but communication will break with some cases in
> which locators are changed.

Please please change this to refer to *prefix* translation and RFC 6296.
Although that RFC is only Experimental, the idea is to show that the
prefix translation (not NAPT) is all we need for IPv6.

Regards
   Brian

> Since there are many changes, I have generated a new version of the draft:
> https://datatracker.ietf.org/doc/draft-garcia-shim6-applicability/
>
> What do you think?
>
> Thanks,
> Alberto
>
> |
> | In any case I support this draft going forward to the AD quite soon.
> |
> | Regards
> | Brian Carpenter
> |
> |
> |
> |
> | On 2011-09-01 23:06, internet-drafts@ietf.org wrote:
> | > A New Internet-Draft is available from the on-line Internet-Drafts
> | > directories.
> | >
> | > Title     : Applicability Statement for the Level 3 Multihoming
> | >             Shim Protocol (Shim6)
> | > Author(s) : Joe Abley
> | >             Marcelo Bagnulo
> | >             Alberto Garcia-Martinez
> | > Filename  : draft-garcia-shim6-applicability-00.txt
> | > Pages     : 22
> | > Date      : 2011-09-01
> | >
> | > This document discusses the applicability of the Shim6 IPv6 protocol
> | > and associated support protocols and mechanisms to provide site
> | > multihoming capabilities in IPv6.
> | >
> | >
> | > A URL for this Internet-Draft is:
> | > http://www.ietf.org/internet-drafts/draft-garcia-shim6-applicability-00.txt
> | >
> | > Internet-Drafts are also available by anonymous FTP at:
> | > ftp://ftp.ietf.org/internet-drafts/
> | >
> | > This Internet-Draft can be retrieved at:
> | > ftp://ftp.ietf.org/internet-drafts/draft-garcia-shim6-applicability-00.txt
> | > _______________________________________________
> | > I-D-Announce mailing list
> | > I-D-Announce@ietf.org
> | > https://www.ietf.org/mailman/listinfo/i-d-announce
> | > Internet-Draft directories: http://www.ietf.org/shadow.html or
> | > ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> | >
> | _______________________________________________
> | shim6 mailing list
> | shim6@ietf.org
> | https://www.ietf.org/mailman/listinfo/shim6
>
>