Re: [v6ops] Éric Vyncke's No Objection on draft-ietf-v6ops-nat64-deployment-06: (with COMMENT)
JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Mon, 08 July 2019 13:11 UTC
Return-Path: <prvs=1092a35ad6=jordi.palet@consulintel.es>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B4BB120179; Mon, 8 Jul 2019 06:11:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uyXIOWQED0Ck; Mon, 8 Jul 2019 06:11:45 -0700 (PDT)
Received: from mail.consulintel.es (mail.consulintel.es [IPv6:2001:470:1f09:495::5]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BA87120165; Mon, 8 Jul 2019 06:11:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1562591501; x=1563196301; i=jordi.palet@consulintel.es; q=dns/txt; h=User-Agent:Date: Subject:From:To:CC:Message-ID:Thread-Topic:References: In-Reply-To:Mime-version:Content-type:Content-transfer-encoding; bh=M7GYib7bPAWrYt6elYpjrRTP6tiArwYPTTBIkn+xgaU=; b=vq/b6WOVEAAhE k021PiKStwVp0h4dS9PxyQWOuTvcoDjC8OKEtDq0hRrJOgdX18mteytBXDMg0eHE RBHEjVbnFCgBkcp5Dvxz+DtroHYeSf9yx+d8lIbLmaYeqC09jwjS12JPcUO/aSE+ O0R43iK1pdSjumJ8GtY6RgNXNrFMak=
X-MDAV-Result: clean
X-MDAV-Processed: mail.consulintel.es, Mon, 08 Jul 2019 15:11:41 +0200
X-Spam-Processed: mail.consulintel.es, Mon, 08 Jul 2019 15:11:40 +0200
Received: from [10.10.10.139] by mail.consulintel.es (MDaemon PRO v16.5.2) with ESMTPA id md50006319141.msg; Mon, 08 Jul 2019 15:11:39 +0200
X-MDRemoteIP: 2001:470:1f09:495:b8dc:4079:28f8:8ce7
X-MDHelo: [10.10.10.139]
X-MDArrival-Date: Mon, 08 Jul 2019 15:11:39 +0200
X-Authenticated-Sender: jordi.palet@consulintel.es
X-Return-Path: prvs=1092a35ad6=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
User-Agent: Microsoft-MacOutlook/10.10.b.190609
Date: Mon, 08 Jul 2019 15:11:38 +0200
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, The IESG <iesg@ietf.org>
CC: "v6ops@ietf.org" <v6ops@ietf.org>, "draft-ietf-v6ops-nat64-deployment@ietf.org" <draft-ietf-v6ops-nat64-deployment@ietf.org>, "v6ops-chairs@ietf.org" <v6ops-chairs@ietf.org>
Message-ID: <000E42C7-8564-4C7E-930E-076F1C0F1D11@consulintel.es>
Thread-Topic: [v6ops] Éric Vyncke's No Objection on draft-ietf-v6ops-nat64-deployment-06: (with COMMENT)
References: <156250429326.14626.2912462164177679261.idtracker@ietfa.amsl.com> <75A5EB61-3879-4F83-83BB-D65EE8799AF3@consulintel.es> <AB9BB6D8-24AF-4962-8C8E-D014DDE3B695@cisco.com>
In-Reply-To: <AB9BB6D8-24AF-4962-8C8E-D014DDE3B695@cisco.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/GJtqm-z5pjKFV6Sni2BLkv0MWNM>
Subject: Re: [v6ops] Éric Vyncke's No Objection on draft-ietf-v6ops-nat64-deployment-06: (with COMMENT)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 13:11:49 -0000
Hi Eric, I just posted a new version (https://datatracker.ietf.org/doc/draft-ietf-v6ops-nat64-deployment/). I believe it addresses all the issues and nits that you have raised (plus other nits that I've found as well). Again, thanks a lot for the very detailed review! Regards, Jordi @jordipalet El 8/7/19 8:45, "Eric Vyncke (evyncke)" <evyncke@cisco.com> escribió: Hola Jordi, A couple of my comments were about lacking of references for "known to work" or "monitored by some governmental bodies and other institutions" or ""with hundreds of millions of users" which are strong statements without any factual data behind them. I make me feel uncomfortable... the document would be much stronger if there were references (external papers are fine). Your explanations for "ACL of clients" are clear now. I suggest that you rewrite the section to add the example given in your reply. And, use a different name to the section ;-) Thank you for all the fixes and for authoring the document -éric On 07/07/2019, 23:39, "JORDI PALET MARTINEZ" <jordi.palet@consulintel.es> wrote: -- Section 3.1 -- "known to work": can you add references or data backing this statement ? Well, those are the models being used today in cellular and broadband networks. So I can just say that? -- Section 3.1.1 -- When discussing scenarii, please refer to the figure ID in the text for clarity. Done (I'm already editing a new version while writing this, pending on some that you can provide to my comments). -- Section 3.1.2 -- It is unclear to me whether "The support of this scenario" refers to the UE-only or the CPE deployment. It is referring to the "service provider network support". Will clarify it. Same demand as above: please refer to the figure ID in the text for clarity. Done! -- Sectio 3.2.1 -- I really wonder whether it is useful to describe this scenario as 'working under special conditions'... those 'special conditions' will probably never met in real life. More generally, I am unsure about the value of the whole section 3.2 (it is more like an academic thing). I think some of those scenarios are possible in some networks, may be not connecting to Internet, or for example, you may want to configure explicit mappings, which can be done with EAM. I just realized that I've not cited that. I will do. -- Section 4.1.1. -- Can you add reference and/or data for "monitored by some governmental bodies and other institutions". I believe that was pointed out by somebody in the WG, but it is true that some regulators do that. I recall having seen something about that in France, but I'm not 100% sure right now. Please add a reference for the use of "ipv4only.arpa". AFAIK Right, this is defined by RFC7050, done! draft-cheshire-sudn-ipv4only-dot-arpa appears to be dormant/dead. This is one of the issues that I've commented with Warren, responding to IANA. I understand he is sponsoring that document. -- Section 4.1.2 -- The leading paragraph is a little confusing as it assumed that CLAT exists (stated in the text but not in the section title). Will clarify it. -- Section 4.1.5 -- The section title is rather misleading "ACL of clients" and I wonder why a dual-stack client would use a DNS64 server as its recursive DNS server. Isn't it an obvious configuration mistake? No, I think that text is correct, but I will try to reword it to make it clearer. You may have a situation with IPv4-only servers, which are located, in the path between the dual-stack hosts and the NAT64. So, if the DNS64 is not configured to exclude those servers, it will synthetize the AAAA records and they will become unreachable. So that's why bind and other DNS64 servers provide this ACL function. -- Section 4.4.1 -- Some explanations of the consequences of a foreign DNS would be welcome. Done! -- Section 4.4.2 -- Rather than using "DNS privacy" please use "DNS request confidentiality" as the DNS64 will learn/glean about the client activities. I used this terminology as it was suggested as the common one for the different protocols in this category. I will try to confirm if is the right one just in case. May be rewording the title as "DNS Privacy/Encryption Mechanisms" ? -- Section 4.6 -- Please explain why older API is a problem (or rather rephrase it into applications using IPv4-only API). Done! -- Section 4.10 -- draft-ietf-tram-turnbis is also able to support IPv6-only client. It is currently in the same IESG status as this document. Definitively, will add a reference to it! -- Section 5 -- Please add data/references for "with hundreds of millions of users" I can cite several cellular networks, but I will do in a generic way, I don't think we should mention explicit providers, right?. -- Section 7 -- Not so much about security but about privacy. I would appreciate to have some text around the lack of privacy when using an external DNS64 as this server will learn about all clients activities. Good point, thanks. Will do! == NITS == Generally, please refrain from using "HEv2" in place of "Happy Eyeball version 2". Done! -- Section 3.1.1. -- Figure 1 shows a box containing both NAT64 and DNS64 while those functions could reside in different devices. Will clarify it. s/One more equivalent scenario/One additional equivalent scenario/ ? Done! -- Section 4.1 -- s/to an IPv6-only WAN/to an IPv6-only access network/ Done! _______________________________________________ v6ops mailing list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
- [v6ops] Éric Vyncke's No Objection on draft-ietf-… Éric Vyncke via Datatracker
- Re: [v6ops] Éric Vyncke's No Objection on draft-i… JORDI PALET MARTINEZ
- Re: [v6ops] Éric Vyncke's No Objection on draft-i… Eric Vyncke (evyncke)
- Re: [v6ops] Éric Vyncke's No Objection on draft-i… JORDI PALET MARTINEZ
- Re: [v6ops] Éric Vyncke's No Objection on draft-i… Mudric, Dusan (Dusan)
- Re: [v6ops] Éric Vyncke's No Objection on draft-i… JORDI PALET MARTINEZ
- Re: [v6ops] Éric Vyncke's No Objection on draft-i… JORDI PALET MARTINEZ