Re: [v6ops] About Req for Comments - "Transition to IPv6"

Morizot Timothy S <Timothy.S.Morizot@irs.gov> Tue, 10 March 2020 19:27 UTC

From: Morizot Timothy S <Timothy.S.Morizot@irs.gov>
To: v6ops <v6ops@ietf.org>
Date: Tue, 10 Mar 2020 19:27:21 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ZB2l4HgYqIGFe1syJLqOCMuhodk>

JORDI PALET MARTINEZ wrote:
>*** Then there is a problem. If they really want to have ALL the way thru only IPv6 in the LANs, the federal employees
>will not be able to use *ANY* application that uses literal addresses (even a simple web page that is doing that).
>Because there is NO transition mechanism that allows that. They are able to force all their internal apps to use only
>IPv6, fine, but they have no control over the rest of the Internet. If they are thinking that NAT64+DNS64 resolves
>that, they lost this “small” bit in their thinking. I’ve already reported them to the site that is asking for comments,
>hopefully they really pay attention to the inputs.

I'm intrigued that you believe that's inherently a problem. Perhaps you're not aware how restrictive
US federal government networks often are? There are a great many things on the Internet I cannot
access from my work computer, even for official work purposes. For example, I am the designated representative
for my organization with ARIN. But during remote participation, I could not access jabber and
cannot access slack from my work computer. I cannot access any conferencing platform from
my work computer even for official, approved purposes. There are multiple levels of firewalls when
I am connected to the enterprise network, all operating in default deny mode. My work computer
presently has no direct access to any endpoint on the Internet. Every service allowed is proxied.
And if things on the Internet do not work within our requirements, we don't use them.
Now, removing even the perimeter service proxies to the public IPv4 Internet would fall
into that last 20% that does not yet have a specifically mandated date. The emphasis,
though, should likely be on *yet*. I know many of the people who contributed to
the draft. I don't think they "lost" anything in their thinking.
 
>*** I will be glad if they can send this memo to every small web site in the world,
>because even if one of them is missing it, and need to be accessed by
>the employees, will not work!

It's published in the Federal Register. Those interested in advance warning about the
steps the US government is planning to take on their own networks have it available.
It will remain published by OMB when formally released. However, restricting access
for federal employees is perfectly normal and occurs today for all sorts of
reasons. Our networks do not operate under the premise that any system
on our network must be able to access any arbitrary system, service,
site, or application on the Internet. In fact, more the opposite applies.

I believe Owen captured more the spirit and intent of this next step in
the progression of the US federal government IPv6 transition. Despite
the mandated dates, progress will almost certainly continue to be uneven across agencies.
But the reporting requirements are something of a stick. Compliance with
regulations and other requirements tends to be one of the drivers
in government decision-making, especially since profit is not normally
the factor it is in commercial decision-making.

Scott