Re: [v6ops] Default IPv6 Local Only Addressing for Non-Internet Devices (Fwd: New Version Notification for draft-smith-v6ops-local-only-addressing-00.txt)

Eliot Lear <lear@cisco.com> Thu, 17 October 2019 10:25 UTC

From: Eliot Lear <lear@cisco.com>
Message-Id: <CF64B0BB-A871-4FE7-97CD-D6A58E0E8131@cisco.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_3A272F8F-02CA-4652-8803-A2095C3D958D"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 17 Oct 2019 12:25:21 +0200
In-Reply-To: <CAFU7BAQfXPzcpDVHu51JpjQUbB1aK+c3iCQEts=7PG842mryDg@mail.gmail.com>
Cc: v6ops list <v6ops@ietf.org>
To: Jen Linkova <furry13@gmail.com>
References: <157110985111.24757.5250925329628210289.idtracker@ietfa.amsl.com> <CAO42Z2wFHVwUG+P8fhFqCJg9X4BN0JLooCtKjiQ8LsxzxKsCDQ@mail.gmail.com> <CAFU7BATLc8dF--hMhEoJj0n4bKD_MEt_BVbbEmGFp_hkrnaPqw@mail.gmail.com> <1E853367-E538-4C30-9689-3075BFB1D64F@gmail.com> <CAFU7BAQfXPzcpDVHu51JpjQUbB1aK+c3iCQEts=7PG842mryDg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/PXfi8RWqaWLKN3LpBc_ivNfB3Qo>
Subject: Re: [v6ops] Default IPv6 Local Only Addressing for Non-Internet Devices (Fwd: New Version Notification for draft-smith-v6ops-local-only-addressing-00.txt)
X-List-Received-Date: Thu, 17 Oct 2019 10:25:27 -0000

Hi,


> On 16 Oct 2019, at 11:19, Jen Linkova <furry13@gmail.com> wrote:
> 
> On Wed, Oct 16, 2019 at 4:54 PM Fred Baker <fredbaker.ietf@gmail.com> wrote:
>>> On Oct 15, 2019, at 1:11 AM, Jen Linkova <furry13@gmail.com> wrote:
>>> 
>>> The draft says '...when it is clear to a device manufacturer that a
>>> device should be isolated from the Internet by default..'
>>> I'm not sure it's possible to know that.
>> 
>> It *is* possible for the device to prevent its packets from going elsewhere,
> 
> Sorry, I should have clarified: I'm questioning the statement that it's
> possible (or should be done) to know at the time of manufacturing that
> this particular device should be isolated from the Internet.
> Let's say I'm buying a printer. Or an IoT device (a sensor). How can
> the manufacturer know if I'm going to install it at my mom's home
> network with just one subnet (the link-local address would be
> sufficient), at my place (with subnets, so GUAs are needed or at least
> ULAs - but it would mean I have to configure my routers) or at my
> office (so GUAs are required for the device to work)?
> 
> Will I need to look for a 'works with multiple network segments' sticker
> on a box before I buy a device (and shall I test it in the lab because
> vendors tend to be overly optimistic about their products' feature
> set)?

Ted mentioned RFC 8520 and Manufacturer Usage Descriptions.  Here the manufacturer can tell you what it was designed to access.  That’s not to say that you have to grant that access, but that some functions may be lost if you don’t grant that access.

For a consumer device, this can mean different things:

Device won’t work at all (Echos, Hey Google)
Device will work perfectly without Internet access or any local access (most kitchen and home appliances)
The device will lose some functionality but otherwise operate (no firmware updates, maybe no notifications about malfunctions, status, etc).

Whether you want to grant access probably should not be decided based on the IP address, but on the network access control function.

Eliot
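As an added illustration of the point above (not part of this thread, and not any vendor's real MUD file), the following Python evaluates a device's outbound flows against a MUD file laid out as in RFC 8520 / RFC 8519. The MUD document, the hostnames `updates.example.com` and `mud.example.com`, and the ports are all constructed for the example; the "anything not listed is denied" rule is the enforcement choice this example assumes for a MUD-aware access control point, not something the MUD specification itself mandates. It shows the manufacturer stating what the device was designed to reach, and the network (rather than the device's IP address) deciding whether a given flow is allowed.

```python
"""Check device flows against a constructed MUD file (RFC 8520 / RFC 8519 layout).

Added example, not code from the v6ops thread or from any product.
All hostnames, ports and the MUD document itself are constructed.
"""
import json

# Constructed MUD file: the device may fetch updates from the vendor over
# TCP/443 and may talk mDNS (UDP/5353) on the local network; nothing else
# is described in the from-device direction.
MUD_JSON = r'''
{
  "ietf-mud:mud": {
    "mud-version": 1,
    "mud-url": "https://mud.example.com/printer-x.json",
    "last-update": "2019-10-17T10:25:00+00:00",
    "cache-validity": 48,
    "is-supported": true,
    "systeminfo": "Example printer (constructed MUD file)",
    "from-device-policy": {"access-lists": {"access-list": [{"name": "from-printer"}]}},
    "to-device-policy":   {"access-lists": {"access-list": [{"name": "to-printer"}]}}
  },
  "ietf-access-control-list:acls": {
    "acl": [
      {"name": "from-printer", "type": "ipv6-acl-type", "aces": {"ace": [
        {"name": "vendor-updates",
         "matches": {
           "ipv6": {"ietf-acldns:dst-dnsname": "updates.example.com", "protocol": 6},
           "tcp": {"ietf-mud:direction-initiated": "from-device",
                   "destination-port": {"operator": "eq", "port": 443}}},
         "actions": {"forwarding": "accept"}},
        {"name": "local-discovery",
         "matches": {
           "ietf-mud:mud": {"local-networks": [null]},
           "ipv6": {"protocol": 17},
           "udp": {"destination-port": {"operator": "eq", "port": 5353}}},
         "actions": {"forwarding": "accept"}}
      ]}},
      {"name": "to-printer", "type": "ipv6-acl-type", "aces": {"ace": [
        {"name": "local-print-jobs",
         "matches": {
           "ietf-mud:mud": {"local-networks": [null]},
           "ipv6": {"protocol": 6},
           "tcp": {"ietf-mud:direction-initiated": "to-device",
                   "destination-port": {"operator": "eq", "port": 9100}}},
         "actions": {"forwarding": "accept"}}
      ]}}
    ]
  }
}
'''


def load_from_device_acls(text):
    """Return the ACL objects referenced by the MUD file's from-device-policy."""
    doc = json.loads(text)
    acls = {a["name"]: a for a in doc["ietf-access-control-list:acls"]["acl"]}
    refs = doc["ietf-mud:mud"]["from-device-policy"]["access-lists"]["access-list"]
    return [acls[r["name"]] for r in refs]


def _port_matches(spec, port):
    """Match a destination-port node: absent = any, 'eq' = exact, lower/upper = range.
    Unknown operators fail closed."""
    if spec is None:
        return True
    if "lower-port" in spec:
        return spec["lower-port"] <= port <= spec.get("upper-port", spec["lower-port"])
    if spec.get("operator", "eq") == "eq":
        return port == spec["port"]
    return False


def flow_permitted(from_acls, dst_name, dst_is_local, proto, dport):
    """Decide whether a device-initiated flow is described by the MUD file.

    dst_name: resolved name of the destination; dst_is_local: whether the
    destination sits on the device's local network (as the enforcement point
    sees it); proto: IP protocol number; dport: destination port.
    Flows matching no ACE are denied (assumed default-deny enforcement).
    """
    for acl in from_acls:
        for ace in acl["aces"]["ace"]:
            m = ace["matches"]
            mud_match = m.get("ietf-mud:mud", {})
            if "local-networks" in mud_match and not dst_is_local:
                continue
            ip = m.get("ipv6", {})
            if "ietf-acldns:dst-dnsname" in ip and ip["ietf-acldns:dst-dnsname"] != dst_name:
                continue
            if "protocol" in ip and ip["protocol"] != proto:
                continue
            l4 = m.get("tcp") or m.get("udp") or {}
            if not _port_matches(l4.get("destination-port"), dport):
                continue
            return ace["actions"]["forwarding"] == "accept"
    return False


if __name__ == "__main__":
    acls = load_from_device_acls(MUD_JSON)
    for flow in [("updates.example.com", False, 6, 443),
                 ("updates.example.com", False, 6, 80),
                 ("telemetry.example.net", False, 6, 443),
                 ("printer-host.local", True, 17, 5353)]:
        print(flow, "->", "permit" if flow_permitted(acls, *flow) else "deny")
```

The operator's decision is then taken at the access control point with the device's own description in hand: grant the vendor update path and lose nothing, or withhold it and accept the loss of firmware updates, without the answer depending on whether the device happened to get a link-local, ULA or GUA address.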