Re: [v6ops] new draft: draft-ietf-v6ops-6204bis

["Weil, Jason" <jason.weil@twcable.com>]

Fwiw my only interest in PCP today is to satisfy REC-48 type functionality in a native Dual-stack CPE Router with an IPv6 firewall enabled. We are specifying RFC6092 functionality today for home gateways and the two options on the table to allow applications to signal their requirements to firewall are (I thought) PCP and UPnP.  If PCP isn't ready to do this functionality fairly soon then it is becomes mostly  useless in my book and I will have to look elsewhere for that functionality. If it is close and we can get it included in 6204bis, it would make sense to wait for it.

Thanks,

Jason

From: v6ops-bounces@ietf.org [mailto:v6ops-bounces@ietf.org] On Behalf Of james woodyatt
Sent: Tuesday, October 18, 2011 2:41 PM
To: IPv6 Operations
Cc: pcp-chairs@tools.ietf.org; draft-ietf-pcp-base@tools.ietf.org; draft-ietf-v6ops-6204bis@tools.ietf.org
Subject: Re: [v6ops] new draft: draft-ietf-v6ops-6204bis

On Oct 18, 2011, at 10:33 AM, Hemant Singh (shemant) wrote:

 But the PCP base document needs to become a RFC ASAP

The current revision, I-D.ietf-pcp-base-14 is unsuitable for the purposes described in REC-48 of RFC 6092, in my opinion.  I'm hoping that the forthcoming -15 revision will be acceptable, but I don't actually see it on the server yet, and some of the more authoritative participants in the working group are balking at being asked to consider a new revision of the draft.

One of the things that would help here is for the PCP working group to stop thinking that their job is done after they specify how ports are mapped for translation and address amplification with NAT44 and NAT64 and to start remembering that their draft actually purports to explain how PCP can meet REC-48 of RFC 6092 as well.  Every time I bring up a point that shows how their draft falls down on that point, they complain that nobody cares about IPv6 CPE routers, or transports other than TCP and UDP, or this, that or the other thing, and tell me they plan to fix it in the next round of RFC development.  Fortunately, the chair and the technical editor of the draft seem to be paying attention to the problems, but I do *NOT* feel at all comfortable that the community of PCP implementers is ready to consider simple security in IPv6 CPE routers.

I am very concerned that IPv6 CPE router vendors will rush out devices that contain early reference implementations of PCP, because it is standards track, but have simple security functions that are *MUCH* less transparent than the Informational category RFC 6092 recommends.  If this happens, then PCP servers in these ubiquitous and sure-to-never-be-upgraded home gateways will establish a conventional restriction on the transparency of IPv6 residential service that unnecessarily mimics the brokenness of IPv4/NAPT.  We should endeavor to avoid the possibility of a disaster like that, if at all possible, and I'm sensing a significant resistance to that concern among an influential cadre of PCP working group participants and implementers.

Therefore, I'd prefer that any update to RFC 6204 either wait for PCP to be revised appropriately in a second RFC, or that it not contain any recommendation for a PCP server at all.  Alternatively, the stakeholders in RFC 6204 could engage more directly with the PCP working group, so that Keith Moore and I are not the only ones speaking up in the defense of your interests.


--
james woodyatt <jhw@apple.com<mailto:jhw@apple.com>>
member of technical staff, core os networking




________________________________
This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.