[v6ops] Re: The V6OPS WG has placed draft-link-v6ops-claton in state "Call For Adoption By WG Issued"
Jen Linkova <furry13@gmail.com> Fri, 07 June 2024 03:10 UTC
To: Ed Horley <ed@hexabuild.io>
CC: Jeremy Duncan <jduncan=40tachyondynamics.com@dmarc.ietf.org>, IETF Secretariat <ietf-secretariat-reply@ietf.org>, "draft-link-v6ops-claton@ietf.org" <draft-link-v6ops-claton@ietf.org>, "v6ops-chairs@ietf.org" <v6ops-chairs@ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/MWNFo9ThMeugF7ZNXfmzdzHMjYE>

First of all, sorry for the radio silence, I was on vacation.

On Fri, May 31, 2024 at 1:09 AM Ed Horley <ed@hexabuild.io> wrote:
> Jeremy,
> While I am okay with changing these to a MUST, I do wonder about the situation with APIPA addresses and if that might potentially impact a given node that might have self provisioned an IPv4 address to a given interface. Is an APIPA address considered valid IPv4 connectivity (perhaps the node is doing mDNS and has discovered a resource it needs?) There might need to be an exception to account for this?

The draft currently excludes link-local addresses from SHOULD NOT, as the second paragraph of 'Disabling CLAT' section clarifies:

"The node SHOULD disable CLAT immediately upon obtaining an IPv4 address via DHCP or a non-link-local ([RFC3927]) IPv4 address through manual or automated fallback configuration."

IMHO the presence of link-local IPv4 addresses shouldn't impact CLAT, as the security considerations do not apply in that case.
We'll make the changes to clarify that "IPv4 connectivity" doesn't include IPv4 link-local addresses.

> On Tue, May 28, 2024 at 8:39 AM Jeremy Duncan <jduncan=40tachyondynamics.com@dmarc.ietf.org> wrote:
>>
>> I support adoption and request making these changes:
>>
>> "For performance and security reasons CLAT SHOULD NOT be enabled if
>> the node has IPv4 connectivity over the given interface."
>>
>> To
>>
>> "For performance and security reasons CLAT MUST NOT be enabled if
>> the node has IPv4 connectivity over the given interface."
>>
>> And
>>
>> "From a performance perspective, native IPv4 connectivity is
>> preferable over 464XLAT, so CLAT SHOULD NOT be enabled if the node
>> has IPv4 connectivity over the given interface."
>>
>> To
>>
>> "From a performance perspective, native IPv4 connectivity is
>> preferable over 464XLAT, so CLAT MUST NOT be enabled if the node
>> has IPv4 connectivity over the given interface."
>>
>> The discussion points and arguments made for security and performance reasons are laid out well as I think could make the case that this be a MUST NOT instead of a SHOULD NOT.
>>
>> -Jeremy
>>
>> -----Original Message-----
>> From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
>> Sent: Tuesday, May 28, 2024 11:20 AM
>> To: draft-link-v6ops-claton@ietf.org; v6ops-chairs@ietf.org; v6ops@ietf.org
>> Subject: [v6ops] The V6OPS WG has placed draft-link-v6ops-claton in state "Call For Adoption By WG Issued"
>>
>> The V6OPS WG has placed draft-link-v6ops-claton in state Call For Adoption By WG Issued (entered by Nick Buraglio)
>>
>> The document is available at
>> https://datatracker.ietf.org/doc/draft-link-v6ops-claton/
>>
>> Comment:
>> This email starts an adoption call for the following document:
>>
>> Title : 464 Customer-side Translator (CLAT): Node Recommendations
>> Authors : J. Linkova, T. Jensen
>> Pages : 14
>> Date : 28-May-2024
>>
>> https://datatracker.ietf.org/doc/draft-link-v6ops-claton/
>>
>> This draft details how CLAT shall operate on endpoints.
>>
>> _______________________________________________
>> v6ops mailing list -- v6ops@ietf.org
>> To unsubscribe send an email to v6ops-leave@ietf.org
>
> --
> Ed Horley
> ed@hexabuild.io | (925) 876-6604
> Advancing Cloud, IoT, and Security with IPv6
> https://hexabuild.io
> And check out the IPv6 Buzz Podcast at https://packetpushers.net/series/ipv6-buzz/

--
Cheers, Jen Linkova
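
The rule discussed in this message, as an added example that is not part of the original post or of the draft: a per-interface check that treats any DHCP-assigned or non-link-local IPv4 address as "IPv4 connectivity" and ignores RFC 3927 link-local (APIPA) addresses. The function names, the `source` labels ("dhcp", "manual", "fallback") and the sample interfaces are assumptions made for illustration.

```python
import ipaddress

def counts_as_ipv4_connectivity(addr: str, source: str) -> bool:
    """Apply the quoted 'Disabling CLAT' sentence to a single address.

    source is a hypothetical label for how the address was obtained:
    "dhcp", "manual" or "fallback" (automated fallback configuration).
    """
    ip = ipaddress.IPv4Address(addr)      # raises ValueError on bad input
    if source == "dhcp":
        return True                       # any address obtained via DHCP counts
    # Manual / fallback configuration: only non-link-local addresses count.
    # is_link_local is True for 169.254.0.0/16 (RFC 3927, "APIPA").
    return not ip.is_link_local

def clat_allowed(addresses):
    """Return (allowed, reason) for one interface.

    addresses: iterable of (address, source) pairs seen on that interface.
    """
    for addr, source in addresses:
        if counts_as_ipv4_connectivity(addr, source):
            return False, f"{addr} ({source}) is IPv4 connectivity"
    return True, "no IPv4 address, or only RFC 3927 link-local addresses"

# Constructed interface snapshots (documentation and link-local ranges only).
SAMPLES = {
    "ipv6-only":        [],
    "apipa-only":       [("169.254.17.4", "fallback")],
    "dhcp-lease":       [("192.0.2.10", "dhcp")],
    "static-v4":        [("198.51.100.7", "manual")],
    "apipa-then-dhcp":  [("169.254.17.4", "fallback"), ("192.0.2.10", "dhcp")],
}

def evaluate_samples():
    """Map each sample interface name to whether CLAT may stay enabled."""
    return {name: clat_allowed(addrs)[0] for name, addrs in SAMPLES.items()}

if __name__ == "__main__":
    for name, addrs in SAMPLES.items():
        allowed, reason = clat_allowed(addrs)
        print(f"{name:16} CLAT {'on ' if allowed else 'off'}  {reason}")
```

The "apipa-then-dhcp" case shows why the check has to be re-run on every address change: the interface starts out eligible for CLAT and stops being eligible the moment the DHCP lease arrives.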