IETF Logo Mail Archive

Re: [v6ops] Fwd: draft-palet-v6ops-nat64-deployment-02 comments

Ca By <cb.list6@gmail.com> Tue, 03 July 2018 19:37 UTC

Return-Path: <cb.list6@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82A38130DD2 for <v6ops@ietfa.amsl.com>; Tue, 3 Jul 2018 12:37:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZehU5XpPRETV for <v6ops@ietfa.amsl.com>; Tue, 3 Jul 2018 12:37:25 -0700 (PDT)
Received: from mail-yb0-x230.google.com (mail-yb0-x230.google.com [IPv6:2607:f8b0:4002:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84878130DC0 for <v6ops@ietf.org>; Tue, 3 Jul 2018 12:37:25 -0700 (PDT)
Received: by mail-yb0-x230.google.com with SMTP id x15-v6so1185220ybm.2 for <v6ops@ietf.org>; Tue, 03 Jul 2018 12:37:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rVwRYk/b86NojTOLpWN1d4ECrzCDL0KIyiZRbCcHyM4=; b=XmYBdymWatPbM9oSa977qJIm1oe/Anspiyps2GmqQ9McbY6II+nHu3Po7lfOASzB74 QJE2cI/mshgH/wmrQ8mZe917T3yxUhhix2Wk76czw7GjKxCsb3K2tTgeZadMPrkSeT7F 6d7yyFt/GIRUglJQ04OfIK09KVceWLex72B5fWCsiWZWyhZNtZQE/hB94colFoeyKOGb V6bxVvRjfuDhKMJ3Ca6Ie2qxarFPupoR4UGbhenS0nPj7V43OFoJjiwSihyxxa4nTeZG K7hzGN+mqAAiFIM8mwtQ7ROpocZMRayWbq2n4mhtGkpgUjhORPaw2aeXJ57tk7GVrzs7 UAgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rVwRYk/b86NojTOLpWN1d4ECrzCDL0KIyiZRbCcHyM4=; b=eWjN32MH1Qgeq4iKiBdF2g35K/4mHI4svLbvbbfHbT8Z/OUY/NOgH3vippjsb9OH1+ 8+WB+DLN5yuxwwt1wrh5iJiewEug5Pkm058IzsVn6YcXxv0qHHOtXM0OxuWw9JjeQpkB +BppF9lkSIuIB4UJVf1/GQqJFMHhrFNbwMX/HZoD0rAefl7WizM8y/RDcY5Igf36wb3N 6o4ZUhPbXeWKgC/9EdOjJdjDJf0BTzZA/1iahER9Ti50gfwe5znMenoo5iHnYG3OMq2p KVxghxVPK0wCpQbiIzXxAU7J7OESmn4lRY34Odu2PgzvRuOV5tB+/x8zz6RLljvNjR5B kmQA==
X-Gm-Message-State: APt69E2f9YegiYVENFX5TjnLk6Yi7lT5qLfOkOm2JrZAI7sgC63F4+dk trC4xtojcdKqICUDbBhZpZZieFTz2dkDStNPcpA=
X-Google-Smtp-Source: ADUXVKKbTrSMvBge4v4iSZCyqFhIM147eU6McRlt76q2mb0SL5fqftRTmQaDJAjonBjJWmvR6fZXYCUySFHkx/7IzbI=
X-Received: by 2002:a25:5902:: with SMTP id n2-v6mr15628805ybb.116.1530646644757; Tue, 03 Jul 2018 12:37:24 -0700 (PDT)
MIME-Version: 1.0
References: <CAD6AjGQqaQumYyBPVG6qkc9cs+jSGFKgUnGHkMfJmtes5Fk47g@mail.gmail.com> <AD5D4A8E-8A02-463B-A222-3D32A6235DF4@gmail.com>
In-Reply-To: <AD5D4A8E-8A02-463B-A222-3D32A6235DF4@gmail.com>
From: Ca By <cb.list6@gmail.com>
Date: Tue, 03 Jul 2018 12:37:13 -0700
Message-ID: <CAD6AjGQsDq1ELdZPnaAtbZPq5SZoXbD--W5JS5tkN63J1D=W9g@mail.gmail.com>
To: Fred Baker <fredbaker.ietf@gmail.com>
Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000899c3705701d7123"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ie5Lg2cOM_ixCy4hJNuOI_Wigm4>
Subject: Re: [v6ops] Fwd: draft-palet-v6ops-nat64-deployment-02 comments
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 19:37:28 -0000

On Tue, Jul 3, 2018 at 10:11 AM Fred Baker <fredbaker.ietf@gmail.com> wrote:

> A general note. I have wondered aloud about interest in several new
> drafts, and managed to miss Cameron's:
>
> https://datatracker.ietf.org/doc/draft-byrne-v6ops-dnssecaaaa
> https://tools.ietf.org/html/draft-byrne-v6ops-dnssecaaaa
>   "DNSSEC Resource Record Should Include AAAA", Cameron Byrne, 2018-07-01,
>
> If you want it on the agenda in two weeks, now would be the time to say so.
>

No, i will not be present.

But  i am interested in folks sending feedback on if this is useful.  The
goal of this I-D is to harmonize dns64 and dnssec deployment with an ideal
solution, as opposed to falling into a worst case where folks pick one or
the other.



> > Begin forwarded message:
> >
> > From: Ca By <cb.list6@gmail.com>
> > Subject: Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments
> > Date: July 2, 2018 at 2:55:09 PM PDT
> > To: Fred Baker <fredbaker.ietf@gmail.com>
> > Cc: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>, "v6ops@ietf.org
> list" <v6ops@ietf.org>
> >
> >
> >
> > On Mon, Jul 2, 2018 at 1:41 PM Fred Baker <fredbaker.ietf@gmail.com>
> wrote:
> >
> >
> > > On Jul 2, 2018, at 1:17 PM, JORDI PALET MARTINEZ <
> jordi.palet@consulintel.es> wrote:
> > >
> > > DNSSEC is *only* broken if the dual-stack host is doing DNSSEC
> validation over the synthetized AAAA.
> >
> > So you're worried about DNSSEC validation working through NAT64 in the
> case that the host is using the DNS service in the IPv4 network through the
> NAT64 device.
> >
> > That doesn't have anything to do with DNS64; an a 464XLAT network, if we
> believe RFC 6877, the issue you raise happens in the absence of DNS64.
> >
> > A good postion for the IETF to take is that one should only produce a
> signed A if they can also produce a signed AAAA, which is not a tall order
> these says
> >
> > https://tools.ietf.org/html/draft-byrne-v6ops-dnssecaaaa-00
> >
> >
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email