IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-historic-07.txt - software bugs

Alexandru Petrescu <alexandru.petrescu@gmail.com> Thu, 13 November 2014 23:03 UTC

Return-Path: <alexandru.petrescu@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C8BC1AE1AE for <v6ops@ietfa.amsl.com>; Thu, 13 Nov 2014 15:03:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.983
X-Spam-Level:
X-Spam-Status: No, score=-4.983 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, HELO_EQ_FR=0.35, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_HI=-5, SPF_SOFTFAIL=0.665] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y43FBh3GNJUq for <v6ops@ietfa.amsl.com>; Thu, 13 Nov 2014 15:03:24 -0800 (PST)
Received: from cirse-out.extra.cea.fr (cirse-out.extra.cea.fr [132.167.192.142]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F0311AE1A8 for <v6ops@ietf.org>; Thu, 13 Nov 2014 15:03:23 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by cirse.extra.cea.fr (8.14.2/8.14.2/CEAnet-Internet-out-2.3) with ESMTP id sADN3J16019413; Fri, 14 Nov 2014 00:03:19 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id E664020473E; Fri, 14 Nov 2014 00:03:39 +0100 (CET)
Received: from muguet1.intra.cea.fr (muguet1.intra.cea.fr [132.166.192.6]) by pisaure.intra.cea.fr (Postfix) with ESMTP id D8C1B203F87; Fri, 14 Nov 2014 00:03:39 +0100 (CET)
Received: from [127.0.0.1] ([132.166.84.11]) by muguet1.intra.cea.fr (8.13.8/8.13.8/CEAnet-Intranet-out-1.2) with ESMTP id sADN3B9u019617; Fri, 14 Nov 2014 00:03:18 +0100
Message-ID: <546538AF.1050101@gmail.com>
Date: Fri, 14 Nov 2014 00:03:11 +0100
From: Alexandru Petrescu <alexandru.petrescu@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Jeroen Massar <jeroen@massar.ch>, v6ops@ietf.org
References: <20141111054026.11197.49784.idtracker@ietfa.amsl.com> <5461A23D.5020506@gmail.com> <546264A5.4050309@umn.edu> <546271A2.907@gmail.com> <5463C716.1030805@umn.edu> <54646DBE.9060800@dougbarton.us> <20141113084029.GT31092@Space.Net> <5464E4F6.9070401@gmail.com> <5465021A.2080305@dougbarton.us> <546509F1.5060508@massar.ch> <54652069.30805@gmail.com> <546525E7.7050006@massar.ch> <54652E0C.7050901@gmail.com> <546534B0.90300@massar.ch>
In-Reply-To: <546534B0.90300@massar.ch>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/1STXzmqEgCnS6Z0poUqPm66ChH0
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-6to4-to-historic-07.txt - software bugs
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Nov 2014 23:03:26 -0000

Le 13/11/2014 23:46, Jeroen Massar a écrit :
> [Replies to multiple mails in this thread compressed into one]
>
> On 2014-11-13 23:17, Alexandru Petrescu wrote: [..]
>>>> Do not deprecate until you offer a solution satisfying a
>>>> number of requirements (currently unsatisfied by eg tunnel
>>>> brokers).
>>>
>>> Which requirements are these?
>>
>> Ones one would have to lay down and agree on before engaging in
>> new work.
>>
>> For example -1- must allow for reverse DNS ok,
>
> That is a business decision. Most (all?) TBs provide this.
>
> Note that a normal ISP does not do this, hence bit silly to require
> it for a free tunnel...

Home ISP may not do it, but business ISP does.

>> -2- must be secureable by existing e2e IPsec,
>
> The tunnel or the packets that flow within it? What is the problem
> you are trying to solve?

I need to trust enough the other endpoint, not send something in the wild.

> The packets in the tunnel are 1280+ hence, go IPSec away as much as
> you want.
>
> For securing the tunnel it would require distributing keying
> material.
>
> As IPsec is horrible to configure and does not work through NATs
> happily (yes, you can patch crap) nobody ever bothered with this.
>
> For AYIYA packets are signed btw, hence, no spoofing of those. There
> is no crypto though there either.

The questions I have about these are numerous but mostly administrative
as such are hard to formulate here in a public forum.  It has to do with
what kind of business is it, etc.

>
>> -3- to the extent of possible be easy to set up for Clients
>
> TSP (gogoclient) and TIC (AICCU) solve that problem. CPEs incorporate
> these tools or have their own implementations (eg Fritz!Box).
>
> How much 'easier' do you want it?

Easy in the sense of as easy as opening a Google account.

>> and not involve intervention of another party (like when
>> requesting an IPv6 address from an administrator, delayed paper
>> forms, etc).
>
> Gogo's "anonymous" TSP tunnels do this. They get a lot of abuse.

For example, do they spy on you?

> Other Tunnel Brokers and Gogo TSP in "authenticated" mode require
> that one signs up, just as you would with a IPv4 ISP.

For example, what kind of private data should I share with them?

> This is a "business" decision though. Nothing a technical thing can
> solve.

There is no such aspect in 6to4...

>> From another mail:
>
>> For example, the current tunnel brokers are very good but (1) are
>> not trustful,
>
> What do you mean with "trustful"?

HArd to say, who do _you_ trust?

Trustful in the sense of accountable.  I dont want them to spy my
traffic, at least.  I want them to anwser questions when asked.

>> (2) force into later efforts to renumber when going native,
>
> Changing ISPs typically require that.

Whereas we can require the destinationISP to set up routing such that I
keep the same prefix I got from the first.  Or update other databases.

> Only way to avoid that is to get your own PI space.

Another administrative effort?

> At that point you will be able to arrange your own connectivity too
> though.

Only to those ISPs who accept it?

>> (3) require filling in forms.  6to4 has the advantage of not
>> requiring 3.
>
> And 6to4 is unreliable as no ISP can 100% support it.

Its mostly a matter of 6to4 Relays uptime and IP routing finding right 
paths.  Up to now I didnt experience 6to4 Relay not responding.

> With Tunnel Brokers you are signing up for a service. Signing up
> requires forms.

Are the Tunnel Brokers ready to fill in forms that I request conceive?

> Though those forms are there primarily to limit abuse too and to
> enable contacting people when they problems with their tunnel so
> that it can be resolved.

What about the potential abuse from the Tunnel Brokers?

> And another mail:
>> 6to4 is not alowing for reverse DNS either, if I am not terribly
>> wrong.
>
> https://6to4.nro.net

Thanks, I didnt know that.

Does it require filling in forms for each IP address?  I am easier at 
vi-ing a config file in my local DNS and then DNS takes care of rest.

> But even then you still do not want 6to4 as it is unreliable ;)

:-)


Alex

>
> Doug Barton wrote:
>> ... and yet I would assert that unless we're talking about
>> something that is provider managed (such as 6rd) then automatically
>> enabling it for the user is a bad idea. It will create more
>> problems than it solves, and cause a lot of support calls, which
>> ISPs are not
> going to like.
>
> Exactly.
>
> Greets, Jeroen
>
>
>

v2.23.0 | Report a Bug | By Email