IETF Logo Mail Archive

Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Tue, 03 July 2018 07:50 UTC

Return-Path: <prvs=172215dd68=jordi.palet@consulintel.es>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11160130E23 for <v6ops@ietfa.amsl.com>; Tue, 3 Jul 2018 00:50:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GPaLGjNWJC1R for <v6ops@ietfa.amsl.com>; Tue, 3 Jul 2018 00:50:42 -0700 (PDT)
Received: from mail.consulintel.es (mail.consulintel.es [IPv6:2001:470:1f09:495::5]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEC85126DBF for <v6ops@ietf.org>; Tue, 3 Jul 2018 00:50:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1530604240; x=1531209040; i=jordi.palet@consulintel.es; q=dns/txt; h=User-Agent:Date: Subject:From:To:CC:Message-ID:Thread-Topic:References: In-Reply-To:Mime-version:Content-type:Content-transfer-encoding; bh=ZRFkSMlkqrsHuYTOTINn9w8Uf9v3+PSI+wtWzxHBN5s=; b=SvjlkPTpqal7p R927/l90Ksp5OBDyWsyFtrY3mahmf7q5jq/g/ccPuW/5sV4jcRm5xjGTpZA+YJe+ ZNegXegHkXkOnbQPTN9D5WPscNjT40pPTlOeMrFm2qvxH60jUeLX1DqYi/kSskW1 IhwOtnOp41clcEq6vwPn8mmhutmmN4=
X-MDAV-Result: clean
X-MDAV-Processed: mail.consulintel.es, Tue, 03 Jul 2018 09:50:40 +0200
X-Spam-Processed: mail.consulintel.es, Tue, 03 Jul 2018 09:50:39 +0200
Received: from [10.10.10.130] by mail.consulintel.es (MDaemon PRO v16.5.2) with ESMTPA id md50005804689.msg for <v6ops@ietf.org>; Tue, 03 Jul 2018 09:50:39 +0200
X-MDRemoteIP: 2001:470:1f09:495:894b:51e:58ae:a2e5
X-MDHelo: [10.10.10.130]
X-MDArrival-Date: Tue, 03 Jul 2018 09:50:39 +0200
X-Authenticated-Sender: jordi.palet@consulintel.es
X-Return-Path: prvs=172215dd68=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: v6ops@ietf.org
User-Agent: Microsoft-MacOutlook/10.e.1.180613
Date: Tue, 03 Jul 2018 09:50:36 +0200
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: Fred Baker <fredbaker.ietf@gmail.com>
CC: "v6ops@ietf.org list" <v6ops@ietf.org>
Message-ID: <B03A3011-C57E-4B02-8331-46BC8BF708EE@consulintel.es>
Thread-Topic: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments
References: <663F489C-7F63-4B0C-A5E6-F7EE4634E62B@gmail.com> <60335039-287e-4fb3-870b-2c4fe9b5445d@otenet.gr> <2D196DD1-FF0F-4365-8F50-5AD98DCBA989@gmail.com> <787AE7BB302AE849A7480A190F8B93302DF4F296@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <1F8254E0-D425-486A-B744-EDA836266D99@consulintel.es> <0DEE4384-5CEE-4F9D-8152-4C10B5AEA365@gmail.com> <6195FD70-2934-46D0-8D39-D7FF15844CF7@consulintel.es> <5E7186D6-20BF-4153-A1AE-D25A256F92DA@gmail.com>
In-Reply-To: <5E7186D6-20BF-4153-A1AE-D25A256F92DA@gmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Q6RdZ7LV-V5KOViuJ5WLjd8bm08>
Subject: Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 07:50:45 -0000

Hi Fred,



In RFC6877, there is no mention of DNSSEC, in fact, this document explicitly mentions the case when DNS64 is not used, so I'm not sure I understand you comment on this.



Regards,

Jordi

 

 



-----Mensaje original-----

De: Fred Baker <fredbaker.ietf@gmail.com>

Fecha: lunes, 2 de julio de 2018, 22:40

Para: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>

CC: "v6ops@ietf.org list" <v6ops@ietf.org>

Asunto: Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments



    

    

    > On Jul 2, 2018, at 1:17 PM, JORDI PALET MARTINEZ <jordi.palet@consulintel.es> wrote:

    > 

    > DNSSEC is *only* broken if the dual-stack host is doing DNSSEC validation over the synthetized AAAA.

    

    So you're worried about DNSSEC validation working through NAT64 in the case that the host is using the DNS service in the IPv4 network through the NAT64 device.

    

    That doesn't have anything to do with DNS64; an a 464XLAT network, if we believe RFC 6877, the issue you raise happens in the absence of DNS64.

    




**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

v2.23.0 | Report a Bug | By Email