IETF Logo Mail Archive

Re: [v6ops] About Req for Comments - "Transition to IPv6"

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Thu, 12 March 2020 09:32 UTC

Return-Path: <prvs=1340af7d02=jordi.palet@consulintel.es>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31EAE3A03F5 for <v6ops@ietfa.amsl.com>; Thu, 12 Mar 2020 02:32:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE=1.999, SPF_HELO_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bWt_3NIDwrxi for <v6ops@ietfa.amsl.com>; Thu, 12 Mar 2020 02:32:35 -0700 (PDT)
Received: from mail.consulintel.es (mail.consulintel.es [IPv6:2001:470:1f09:495::5]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 096F63A0437 for <v6ops@ietf.org>; Thu, 12 Mar 2020 02:32:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1584005539; x=1584610339; i=jordi.palet@consulintel.es; q=dns/txt; h=User-Agent:Date: Subject:From:To:Message-ID:Thread-Topic:References:In-Reply-To: Mime-version:Content-type:Content-transfer-encoding; bh=iuN4JCET rbEhNG1h7Nrj/hEn130Rsrmn/Mu2+T2xdCg=; b=N0GDDW5L5swMg8fAELLi8ELN jRaALrdh12nhXcWaQ0DdIFvqPpHcn6HRqFRGWpUAHWEiEBvRb6tLSKrZ1n47tMtQ DWY1H29W7qcl8bVPlMZaCk70sSgCIqKuDKKuCS8/Ua6SqLVWYzyzzPdAb+XnKrqS pgh73JLNh9Z+BTNlMU8=
X-MDAV-Result: clean
X-MDAV-Processed: mail.consulintel.es, Thu, 12 Mar 2020 10:32:19 +0100
X-Spam-Processed: mail.consulintel.es, Thu, 12 Mar 2020 10:32:19 +0100
Received: from [10.10.10.144] by mail.consulintel.es (MDaemon PRO v16.5.2) with ESMTPA id md50000088917.msg for <v6ops@ietf.org>; Thu, 12 Mar 2020 10:32:18 +0100
X-MDRemoteIP: 2001:470:1f09:495:e0a6:81ab:ea8d:1a06
X-MDHelo: [10.10.10.144]
X-MDArrival-Date: Thu, 12 Mar 2020 10:32:18 +0100
X-Authenticated-Sender: jordi.palet@consulintel.es
X-Return-Path: prvs=1340af7d02=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: v6ops@ietf.org
User-Agent: Microsoft-MacOutlook/16.35.20030802
Date: Thu, 12 Mar 2020 10:32:15 +0100
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: v6ops <v6ops@ietf.org>
Message-ID: <D861372F-D843-4954-ADC0-5F86F8A29E48@consulintel.es>
Thread-Topic: [v6ops] About Req for Comments - "Transition to IPv6"
References: <e8a25961-5ac9-d35e-77dd-bf86f45cd077@gmail.com> <7eb4dc25-28a6-4927-2356-846e200681d2@gmail.com> <0791D4B0-8390-48D7-AF0A-CE004EC3224C@consulintel.es> <ccc75efb-8c00-ee97-5cc7-2e061e6e5a54@gmail.com> <52b6b9a4f46a49598eccee1b35e5efc5@irs.gov> <89127c25-9c51-c4bb-97ae-3567e80a4c52@gmail.com> <43D0E5A1-E5C5-4ACA-A44D-BC2F67129174@delong.com> <D2622B27-88F4-42A7-B944-C002F40D0DB7@consulintel.es> <2020030818294834486735@chinatelecom.cn> <CADzU5g5yzhK-4oxL=m5_C1fj=K7nXX9mDG49=gLRSs8XGkPXqA@mail.gmail.com> <B8678AA0-7D7A-4ACD-BB4A-DDEDE85ACB88@consulintel.es> <073925C4-5355-4C51-84A4-4D9545013552@delong.com> <4A5BDEE6-2B9E-4338-94C1-3BE9D6E37516@consulintel.es> <5c7debd563a04421be62d9e8f6c74cd1@irs.gov>
In-Reply-To: <5c7debd563a04421be62d9e8f6c74cd1@irs.gov>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/QH4YIEbuuAIXY5vQw6jNqbc_0Q8>
Subject: Re: [v6ops] About Req for Comments - "Transition to IPv6"
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Mar 2020 09:32:41 -0000

Hi Scott,

I worked for the equivalent Spanish government network (SARA) in the IPv6 deployment, so I understand how restritive is it.

I think my responses to Owen also cover your points, to avoid repetition. I can agree that they probably knew about the "issues", but as said, I think is better the clearly say it "yes we know, we don't care, is up to you, if you want to offer services to us".

I just wrote them again, asking to read this discussion, in case they aren't already following it and considering including an explicit note about "yes, we know ... is your problem".



El 10/3/20 20:29, "v6ops en nombre de Morizot Timothy S" <v6ops-bounces@ietf.org en nombre de Timothy.S.Morizot=40irs.gov@dmarc.ietf.org> escribió:

    
    JORDI PALET MARTINEZ wrote:
    >*** Then there is a problem. If they really want to have ALL the way thru only IPv6 in the LANs, the federal employees
    >will not be able to use *ANY* application that uses literal addresses (even a simple web page that is doing that).
    >Because there is NO transition mechanism that allows that. They are able to force all their internal apps to use only
    >IPv6, fine, but they have no control over the rest of the Internet. If they are thinking that NAT64+DNS64 resolves
    >that, they lost this “small” bit in their thinking. I’ve already reported them to the site that is asking for comments,
    >hopefully they really pay attention to the inputs.
    
    I'm intrigued that you believe that's inherently a problem. Perhaps you're not aware how restrictive
    US federal government networks often are? There are a great many things on the Internet I cannot
    access from my work computer, even for official work purposes. For example, I am the designated representative
    for my organization with ARIN. But during remote participation, I could not access jabber and
    cannot access slack from my work computer. I cannot access any conferencing platform from
    my work computer even for official, approved purposes. There are multiple levels of firewalls when
    I am connected to the enterprise network, all operating in default deny mode. My work computer
    presently has no direct access to any endpoint on the Internet. Every service allowed is proxied.
    And if things on the Internet do not work within our requirements, we don't use them.
    Now, removing even the perimeter service proxies to the public IPv4 Internet would fall
    into that last 20% that does not yet have a specifically mandated date. The emphasis,
    though, should likely be on *yet*. I know many of the people who contributed to
    the draft. I don't think they "lost" anything in their thinking.
     
    >*** I will be glad if they can send this memo to every small web site in the world,
    >because even if one of them is missing it, and need to be accessed by
    >the employees, will not work!
    
    It's published in the Federal Register. Those interested in advance warning about the
    steps the US government is planning to take on their own networks have it available.
    It will remain published by OMB when formally released. However, restricting access
    for federal employees is perfectly normal and occurs today for all sorts of
    reasons. Our networks do not operate under the premise that any system
    on our network must be able to access any arbitrary system, service,
    site, or application on the Internet. In fact, more the opposite applies.
    
    I believe Owen captured more the spirit and intent of this next step in
    the progression of the US federal government IPv6 transition. Despite
    the mandated dates, progress will almost certainly continue to be uneven across agencies.
    But the reporting requirements are something of a stick. Compliance with
    regulations and other requirements tends to be one of the drivers
    in government decision-making, especially since profit is not normally
    the factor it is in commercial decision-making.
    
    Scott
    
    _______________________________________________
    v6ops mailing list
    v6ops@ietf.org
    https://www.ietf.org/mailman/listinfo/v6ops
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

v2.23.0 | Report a Bug | By Email