[v6ops] Re: The V6OPS WG has placed draft-link-v6ops-claton in state "Call For Adoption By WG Issued"

Jen Linkova <furry13@gmail.com> Fri, 07 June 2024 03:34 UTC

From: Jen Linkova <furry13@gmail.com>
Date: Fri, 07 Jun 2024 13:34:18 +1000
Message-ID: <CAFU7BATFY5ENdQacmB7QHMy-LqC-4CZwPbycVi1YT3-WsWN8XQ@mail.gmail.com>
To: Jeremy Duncan <jduncan@tachyondynamics.com>
CC: IETF Secretariat <ietf-secretariat-reply@ietf.org>, "draft-link-v6ops-claton@ietf.org" <draft-link-v6ops-claton@ietf.org>, "v6ops-chairs@ietf.org" <v6ops-chairs@ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/6NbmzT4hTattVXmplsfgmJ9_m64>

Hi Jeremy,

On Wed, May 29, 2024 at 1:39 AM Jeremy Duncan
<jduncan@tachyondynamics.com> wrote:
>
> I support adoption and request making these changes:
>
> "For performance and security reasons CLAT SHOULD NOT be enabled if
>    the node has IPv4 connectivity over the given interface."
>
> To
>
> "For performance and security reasons CLAT MUST NOT be enabled if
>    the node has IPv4 connectivity over the given interface."
>
> And
>
> "From a performance perspective, native IPv4 connectivity is
>    preferrable over 464XLAT, so CLAT SHOULD NOT be enabled if the node
>    has IPv4 connectivity over the given interface."
>
> To
>
> "From a performance perspective, native IPv4 connectivity is
>    preferrable over 464XLAT, so CLAT MUST NOT be enabled if the node
>    has IPv4 connectivity over the given interface."
>
>
> The discussion points and arguments made for security and performance reasons are laid out well and, I think, could make the case that this be a MUST NOT instead of a SHOULD NOT.

Thank you for your comments.
I'm kind of sitting on a fence re: SHOULD vs MUST.
On one hand, it seems undesirable in a general case to keep CLAT
enabled in the presence of IPv4.
OTOH, if we ever come across a case when the host administrator wants
to do it, it would be impossible w/o violating recommendations from
this document.
I can imagine that in some topologies (e.g. mobile networks or an
enterprise network with peer2peer isolation) the security implications
do not apply, so what if the administrator prefers to use CLAT
whenever possible?

>
> -----Original Message-----
> From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
> Sent: Tuesday, May 28, 2024 11:20 AM
> To: draft-link-v6ops-claton@ietf.org; v6ops-chairs@ietf.org; v6ops@ietf.org
> Subject: [v6ops] The V6OPS WG has placed draft-link-v6ops-claton in state "Call For Adoption By WG Issued"
>
> The V6OPS WG has placed draft-link-v6ops-claton in state Call For Adoption By WG Issued (entered by Nick Buraglio)
>
> The document is available at
> https://datatracker.ietf.org/doc/draft-link-v6ops-claton/
>
> Comment:
> This email starts an adoption call for the following document:
>
> Title   : 464 Customer-side Translator (CLAT): Node Recommendations
> Authors : J. Linkova, T. Jensen
> Pages   : 14
> Date    : 28-May-2024
>
> https://datatracker.ietf.org/doc/draft-link-v6ops-claton/
>
> This draft details how CLAT shall operate on endpoints.



-- 
Cheers, Jen Linkova