Re: [v6ops] Status of CLAT implementation on iPhone? (IPv4 apps on IPv6-only PDP type)

Gert Doering <gert@space.net> Mon, 23 February 2015 18:20 UTC

Hi,

On Mon, Feb 23, 2015 at 07:09:28PM +0100, Tore Anderson wrote:
> > [CLAT as an app]
> 
> Assuming it's possible to write such an app for iOS in the first place,
> couldn't you pre-load it on the handsets you sell and have it start up
> automatically? If so, the user wouldn't be required to care. As I
> understand it, it's common carrier practise to pre-load the handsets
> with other kinds of "value add" apps anyway, right?

From what I understand, it would be possible to write such an app,
using the VPN API.  The problem with that API is that you need NDA'ed
documentation from Apple, and the resulting app needs to be specially
signed by Apple to be permitted to access it (which makes sense, given
that such an app is effectively able to steal other apps' traffic) - so
you need fairly deep involvement from Apple, and if they are interested
enough to do that, they could write the CLAT themselves right away...

Auto-starting a VPN app is also possible (VPN on demand), but I'm not 
sure this can be tied to "only on 3G, and only if no IPv4 is there", so 
that aspect could be a bit tricky.

[..]
> For the record, I'm not disagreeing that having it in iOS proper would
> be the optimal solution. It just seems to me there's another viable way
> forward that does not depend on Apple being the ones to implement the
> CLAT. But I'm probably missing something?

Access restrictions to the VPN API...

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279