Re: [v6ops] Fwd: New Version Notification for draft-hilliard-v6ops-host-addr-update-00.txt
Scott Morizot <tmorizot@gmail.com> Tue, 18 July 2017 17:38 UTC
Return-Path: <tmorizot@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFDD5131B57 for <v6ops@ietfa.amsl.com>; Tue, 18 Jul 2017 10:38:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y0-s4mUJ9fLA for <v6ops@ietfa.amsl.com>; Tue, 18 Jul 2017 10:38:10 -0700 (PDT)
Received: from mail-ua0-x22b.google.com (mail-ua0-x22b.google.com [IPv6:2607:f8b0:400c:c08::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53B0012EC3A for <v6ops@ietf.org>; Tue, 18 Jul 2017 10:38:10 -0700 (PDT)
Received: by mail-ua0-x22b.google.com with SMTP id 35so32215390uax.3 for <v6ops@ietf.org>; Tue, 18 Jul 2017 10:38:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lCa/pb1Of8m9/s2C5hXGOsPfyjES073MCml3qVAJ6nU=; b=MoMMT/QSMQZtKHUHew9bMqIgCLt0x3uN4j28Y2FWvwbwRnTHxzFuAXuIRp2ZCau0Ze nQ5M6WSUuhdo47bFjYWO/YLJWRy65RHArnSMIGiTvbUMtHJ68801Q/NlRbA2rEzFvjRT GHJqhEwG7qfVgUrpIxu03kh6FOWIS8QChwjJI3JRIlWV+f92LRj+y+6EPIYCH0Y5Wx2K p+f6gNYlmCsPg4WbIVjsDmCJX8+2dJxHzs872XchNIkw9dYhC84BRgHnQg6AR5EfOuFB rJKsqSWRYdq/c+dNhuGcU0PoVg9xc1T5K9i9KNnw1tRldcHK/sGm9Z0XfEomd4/tnG6n jT/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lCa/pb1Of8m9/s2C5hXGOsPfyjES073MCml3qVAJ6nU=; b=PNaAVO2f3OmuWTGhaHmUJ9Gc4KCswgV9C10HCIRm6mzgPYpecVvOJBvWTpChNAOIHr Q4pLiyzgUwBkKmxrHkRv3A08C8t7Uv8LL4RUBjVnNEB6B25xJ6/x29MKPpdUX9TA03AN SfXsJO29QHRHlxJ1mtWjS+YuCoAbkCLFgWEMfp8Zz68rMHb/dUX5wmUWN/NW1LWMzpmP 3SgN10NXvPDHL4DsYshSBZNEyQ2iMEFbbff+/NoyRf7CdmucqKGhrGzWhCUEnR/YBEjE MZQtAMrH++zmft4EWlUYpu74+AXoBHwdm+t8ITp1jy9J8KhCDyGIuVP86LK98CNa21EJ X17g==
X-Gm-Message-State: AIVw111S5DW24ce0+CBspdFe6OLsyzcacW/GfKp3OT8NlilB8jod06Na N1CuMmluWIXFNXuvcklkXiQxeM+Psw==
X-Received: by 10.31.70.6 with SMTP id t6mr1331229vka.21.1500399489372; Tue, 18 Jul 2017 10:38:09 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.164.72 with HTTP; Tue, 18 Jul 2017 10:38:08 -0700 (PDT)
In-Reply-To: <CAO42Z2wFSXWru_Tgwpuf2xgOCr2iX0BwrTHvnS2TcR6EQBi1Fw@mail.gmail.com>
References: <596CF817.8040900@foobar.org> <CAO42Z2wFSXWru_Tgwpuf2xgOCr2iX0BwrTHvnS2TcR6EQBi1Fw@mail.gmail.com>
From: Scott Morizot <tmorizot@gmail.com>
Date: Tue, 18 Jul 2017 12:38:08 -0500
Message-ID: <CAFy81rmZefKx6jTsS+8J9fJANXwm1cOKdE6L17Yu4xri4xgY7g@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Nick Hilliard <nick@foobar.org>, IPv6 Operations <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="001a11484e3895d74405549afa98"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Iuw790Xh23tSG1v9YCrizJHT7k8>
Subject: Re: [v6ops] Fwd: New Version Notification for draft-hilliard-v6ops-host-addr-update-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jul 2017 17:38:13 -0000
Perhaps the actual problem is a limited active participation in the IETF process by certain groups, such as the large enterprise networks (outside enterprise networks of large technology companies) sphere? That has always been my day to day environment and focus whether as an application developer, network engineer, or from any of the other hats that are dropped in my lap, including interacting with groups of organizations outside my own. I confess I read mailing list discussions intermittently and actively say anything much less frequently than I read. But comments like the below leave me bemused. Those sorts of networks are highly constrained. Hosts and developers have to coordinate even to be allowed on the network. Things that are purchased and deployed generally have to meet our requirements and lots of things are eliminated from consideration because they don't. If something has special requirements, there's a lengthy process designing, testing, and documenting the changes in the security boundary. Innovation is certainly restricted and coordinated, even with in house developed applications. There are lots of processes and tools integrated with DHCP assignment information. But that's hardly the only data collected, the only layer of protection, or the only avenue pursued when doing forensic analysis of an attack. Connection security in one form or another is used. ARP/Neighbor table information (as well as configuration in general) is collected and tracked. Log data at every level is collected. There's IDS/IPS and packet collectors at different key points. There are firewalls at all sorts of different points from the host up. But no large enterprise is merely looking for purely malicious traffic. They are also auditing and analyzing all activity by authorized users. It's a highly inspected, highly constrained networking environment and always will be. A lot of those automated processes are tied into DHCP data. It's not that that's the only source of forensic data, the sole audit point, or the single point of protection. But a lot of automated tools/processes are built around that data and that is not going to change quickly. Perhaps when IPv4 is removed from much of the enterprise, it can be considered, though there would have to be a compelling reason for enterprises to make such a change. No such compelling reason currently exists. It will not happen before then except in very special circumstances on different networks from most hosts, not on general purpose data networks. Host developers who want to sell to such enterprises will support DHCPv6 IA_NA address assignment on networks that provide no other alternative. They already do for the most part because those networks exist today. And they will continue to exist for a good number of years to come, whatever the IETF decides to recommend or not recommend. If a host/node developer has a special use case (as a limited IOT device such as door key card access devices and alarm sensors very well might) and a large enterprise of the sort I've described has a need for it, that might be engineered in a special network of its own. So it's not an absolute that any given host/node that wants to sell to large enterprises of the sort I've noted above has to support DHCPv6 IA_NA address assignment. But as a general rule of thumb? That should probably be the default expectation. It should be considered, at least. So I support the idea behind the changes to RFC 7934 proposed in the draft, however they might be wordsmithed, as it more accurately reflects reality. The current description may reflect a "best common practice" for general use data on some networks and in some environments. It is not even vaguely the common practice elsewhere. And it's unlikely to be anytime soon. If the purpose of the document is to express what the IETF wished were the common practice on most networks, that's fine. If its purpose is to express the actual common practice, the current document falls short. I have a hard time feeling too strongly about it, though. Host/node developers often do want to sell to large enterprises, and as such they typically will meet their specified requirements. I don't expect that to change whatever the IETF chooses to publish. That's one situation in which money does usually talk. Scott On Mon, Jul 17, 2017 at 7:59 PM, Mark Smith <markzzzsmith@gmail.com> wrote: > Fundamentally, we don't want hosts and application developers to have > to ask for permission from the network to innovate, nor have the > network impose artificial constraints on innovation. Artificial > address scarcity is following the traditional telephone network > scarcity model. (See David Isenberg's "Rise of the Stupid Network") > >
- [v6ops] Fwd: New Version Notification for draft-h… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Ted Lemon
- Re: [v6ops] Fwd: New Version Notification for dra… Lorenzo Colitti
- Re: [v6ops] Fwd: New Version Notification for dra… Job Snijders
- Re: [v6ops] Fwd: New Version Notification for dra… Ted Lemon
- Re: [v6ops] Fwd: New Version Notification for dra… Alexandre Petrescu
- Re: [v6ops] Fwd: New Version Notification for dra… Ross Chandler
- Re: [v6ops] Fwd: New Version Notification for dra… Alexandre Petrescu
- Re: [v6ops] Fwd: New Version Notification for dra… Ross Chandler
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Erik Kline
- Re: [v6ops] Fwd: New Version Notification for dra… Lorenzo Colitti
- Re: [v6ops] Fwd: New Version Notification for dra… Brian E Carpenter
- Re: [v6ops] Fwd: New Version Notification for dra… Mark Smith
- Re: [v6ops] New Version Notification for draft-hi… james woodyatt
- Re: [v6ops] Fwd: New Version Notification for dra… Ted Lemon
- Re: [v6ops] Fwd: New Version Notification for dra… Alexandre Petrescu
- Re: [v6ops] Fwd: New Version Notification for dra… Lorenzo Colitti
- Re: [v6ops] Fwd: New Version Notification for dra… joel jaeggli
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Ted Lemon
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard
- Re: [v6ops] Fwd: New Version Notification for dra… Ted Lemon
- Re: [v6ops] Fwd: New Version Notification for dra… Ted Lemon
- Re: [v6ops] New Version Notification for draft-hi… james woodyatt
- Re: [v6ops] Fwd: New Version Notification for dra… Lorenzo Colitti
- Re: [v6ops] Fwd: New Version Notification for dra… Jen Linkova
- Re: [v6ops] Fwd: New Version Notification for dra… Scott Morizot
- Re: [v6ops] Fwd: New Version Notification for dra… Ted Lemon
- Re: [v6ops] New Version Notification for draft-hi… Scott Morizot
- Re: [v6ops] New Version Notification for draft-hi… Ted Lemon
- Re: [v6ops] Fwd: New Version Notification for dra… Scott Morizot
- Re: [v6ops] RFC7934 Alexandre Petrescu
- Re: [v6ops] RFC7934 Ted Lemon
- Re: [v6ops] Fwd: New Version Notification for dra… Ross Chandler
- Re: [v6ops] RFC7934 Alexandre Petrescu
- Re: [v6ops] RFC7934 Ted Lemon
- Re: [v6ops] RFC7934 Jen Linkova
- Re: [v6ops] Fwd: New Version Notification for dra… Brian E Carpenter
- Re: [v6ops] RFC7934 Mark Smith
- Re: [v6ops] RFC7934 Ted Lemon
- Re: [v6ops] Fwd: New Version Notification for dra… Lorenzo Colitti
- Re: [v6ops] Fwd: New Version Notification for dra… Ted Lemon
- Re: [v6ops] RFC7934 Alexandre Petrescu
- Re: [v6ops] RFC7934 Ted Lemon
- Re: [v6ops] Fwd: New Version Notification for dra… Jen Linkova
- Re: [v6ops] RFC7934 Alexandre Petrescu
- Re: [v6ops] RFC7934 Jen Linkova
- Re: [v6ops] RFC7934 Alexandre Petrescu
- Re: [v6ops] New Version Notification for draft-hi… Gert Doering
- Re: [v6ops] New Version Notification for draft-hi… Lorenzo Colitti
- Re: [v6ops] RFC7934 Alexandre Petrescu
- Re: [v6ops] RFC7934 Ted Lemon
- Re: [v6ops] RFC7934 Alexandre Petrescu
- Re: [v6ops] New Version Notification for draft-hi… Brian E Carpenter
- Re: [v6ops] New Version Notification for draft-hi… Gert Doering
- Re: [v6ops] New Version Notification for draft-hi… Gert Doering
- Re: [v6ops] New Version Notification for draft-hi… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-hi… Gert Doering
- Re: [v6ops] New Version Notification for draft-hi… Mikael Abrahamsson
- Re: [v6ops] New Version Notification for draft-hi… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-hi… Alexandre Petrescu
- Re: [v6ops] New Version Notification for draft-hi… Tore Anderson
- Re: [v6ops] New Version Notification for draft-hi… JORDI PALET MARTINEZ
- Re: [v6ops] New Version Notification for draft-hi… Ted Lemon
- Re: [v6ops] New Version Notification for draft-hi… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-hi… Bernie Volz (volz)
- Re: [v6ops] New Version Notification for draft-hi… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-hi… Jen Linkova
- Re: [v6ops] New Version Notification for draft-hi… Jen Linkova
- Re: [v6ops] New Version Notification for draft-hi… Jen Linkova
- Re: [v6ops] New Version Notification for draft-hi… Bernie Volz (volz)
- Re: [v6ops] New Version Notification for draft-hi… STARK, BARBARA H
- Re: [v6ops] New Version Notification for draft-hi… Ted Lemon
- Re: [v6ops] New Version Notification for draft-hi… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-hi… STARK, BARBARA H
- Re: [v6ops] New Version Notification for draft-hi… Tim Chown
- Re: [v6ops] New Version Notification for draft-hi… Nick Hilliard
- Re: [v6ops] New Version Notification for draft-hi… Tim Chown
- Re: [v6ops] New Version Notification for draft-hi… Nick Hilliard
- Re: [v6ops] New Version Notification for draft-hi… Tim Chown
- Re: [v6ops] New Version Notification for draft-hi… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-hi… Tim Chown
- Re: [v6ops] New Version Notification for draft-hi… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-hi… Tim Chown
- Re: [v6ops] Fwd: New Version Notification for dra… Nick Hilliard