Re: [v6ops] new draft: draft-colitti-v6ops-host-addr-availability
Mark Smith <markzzzsmith@gmail.com> Mon, 20 July 2015 08:42 UTC
In-Reply-To: <201507061147.t66Bl1AE028312@irp-lnx1.cisco.com>
References: <201507061147.t66Bl1AE028312@irp-lnx1.cisco.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Mon, 20 Jul 2015 18:41:41 +1000
Message-ID: <CAO42Z2zL3n5LkEiXqSSzNvc8LhP+TVgVjKbFt3szWN772_Pk-Q@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/ls3tCFspfeYsuCCBGGGd72Pw4fo>
Cc: v6ops list <v6ops@ietf.org>, draft-colitti-v6ops-host-addr-availability@tools.ietf.org
Subject: Re: [v6ops] new draft: draft-colitti-v6ops-host-addr-availability
Hi,

Firstly, I would support the WG adoption of this draft.

Some thoughts and comments,

Abstract & Intro
~~~~~~~~~~~

I think stating that it also describes benefits would create a bit more of an interest in reading it e.g.,

"This document recommends that networks provide general-purpose end hosts with multiple global addresses, and describes *the benefits and* options for doing so."

3. Benefits of multiple addresses
~~~~~~~~~~~~~~~~~~~~~~~~

Another benefit:

o Increased robustness. RFC6724 prefers smaller scope addresses over larger ones, meaning link-local source and destination addresses are preferred over ULAs, which are preferred over GUAs. As link-local addresses can be used by applications [RFC4007], this means that communications robustness is increased when link-local addresses are used by applications, because the application can continue to operate regardless of the presence of one or more routers on the link and other larger scope addresses. Similarly, when an application is using ULA addresses, it is robust against events that would disrupt the network's GUA addressing, such as a GUA renumbering event.

o Future applications (e.g., per-application IPv6 addresses).

- I think "Transient addressing for related processes: Improved firewalling by using IPv6 and multiple addresses per host." by Peter M. Gleitz and Steven M. Bellovin would be an excellent example to reference: https://www.cs.columbia.edu/~smb/papers/tarp.pdf

5. Overcoming limits using Network Address Translation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A reference to RFC2993, "Architectural Implications of NAT", somewhere would be good.

7. Options for obtaining more than one address
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"If the prefix is a /64, it can also reshare that prefix with any downstream clients via [RFC7278] /64 sharing."

I'm not sure RFC7278 should be suggested as a general purpose method, as there were a number of kludges/limitations in that method specific to dealing with the lack of DHCPv6-PD support on the 3GPP devices e.g., switching from a /64 numbered upstream link to a link-local upstream link (while the carrier device still thinks the /64 is on the link) so the /64 could be used on the downstream link. It's basically presenting methods that are halfway between routing and bridging between the upstream and downstream links, and that created issues because it wasn't completely one or the other.

8.1. Stateful addressing and host tracking
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I think it is also worth pointing out that network layer and link-layer device identifiers/numbers/addresses are not a very reliable identifier or analogue of people, or more specifically attackers, because the identifiers/numbers/addresses can change, can be changed and may not be globally unique, in particular quite easily if the attacker is using their own device. Identifying the individual accessing the network using user/human authentication methods such as 802.1X and one or more of what you have, what you are, or what you know, could provide an audit record of the much tighter coupling between a human and the network identifiers they use during the authenticated session.

Nits etc.

2. Common IPv6 deployment model
~~~~~~~~~~~~~~~~~~~~~~~~~~

There seems to be a reference error here, as RFC6433 is "Requirements for a Working Group Milestones Tool" and doesn't have a 5.9.4 section.

Regards,
Mark.
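The robustness point above rests on how RFC 6724 orders candidate addresses by scope. The following is an added example, not part of Mark Smith's message or of the draft: a Python model of a subset of RFC 6724 address selection (source rules 2 and 6, destination rules 2, 5, 6 and 8) using the RFC's default policy table, so the effect of the "prefer smaller scope" rule can be seen on concrete addresses. The host addresses and candidate destinations are constructed sample values (2001:db8::/32 is documentation space); the full RFC also applies reachability, longest-matching-prefix and temporary-address rules that are left out here.

```python
import ipaddress

# Default policy table from RFC 6724, section 2.1: (prefix, precedence, label).
DEFAULT_POLICY = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2),
    ("2001::/32", 5, 5),
    ("fc00::/7", 3, 13),
    ("::/96", 1, 3),
    ("fec0::/10", 1, 11),
    ("3ffe::/16", 1, 12),
]
DEFAULT_POLICY = [(ipaddress.ip_network(p), prec, label) for p, prec, label in DEFAULT_POLICY]

# Scope values as RFC 6724 section 3.1 uses them. ULAs (fc00::/7) carry
# global scope; what ranks them relative to GUAs is the table's precedence.
SCOPE_LINK_LOCAL = 0x2
SCOPE_SITE_LOCAL = 0x5
SCOPE_GLOBAL = 0xE


def scope_of(addr):
    """Return the RFC 6724 scope value of a unicast or multicast IPv6 address."""
    addr = ipaddress.IPv6Address(addr)
    if addr.is_multicast:
        return addr.packed[1] & 0x0F          # scope is the low nibble of byte 1
    if addr.is_link_local or addr == ipaddress.IPv6Address("::1"):
        return SCOPE_LINK_LOCAL               # ::1 is treated as link-local scope
    if addr in ipaddress.ip_network("fec0::/10"):
        return SCOPE_SITE_LOCAL               # deprecated site-local, still classified
    return SCOPE_GLOBAL


def policy_lookup(addr):
    """Longest-prefix match into the policy table; returns (precedence, label)."""
    addr = ipaddress.IPv6Address(addr)
    _net, prec, label = max(
        (row for row in DEFAULT_POLICY if addr in row[0]),
        key=lambda row: row[0].prefixlen,
    )
    return prec, label


def pick_source(sources, dst):
    """Simplified source selection: rule 2 (appropriate scope), then rule 6 (matching label).

    Ties are broken by the order of `sources`; the real algorithm has more rules."""
    dst = ipaddress.IPv6Address(dst)
    d_scope = scope_of(dst)
    d_label = policy_lookup(dst)[1]

    def key(src):
        s_scope = scope_of(src)
        big_enough = s_scope >= d_scope
        # Prefer a source whose scope covers the destination's; among those the
        # smallest scope; if none covers it, the largest scope available.
        return (0 if big_enough else 1,
                s_scope if big_enough else -s_scope,
                0 if policy_lookup(src)[1] == d_label else 1)

    return min((ipaddress.IPv6Address(s) for s in sources), key=key)


def rank_destinations(sources, destinations):
    """Order candidate destinations, most preferred first (destination rules 2, 5, 6, 8)."""
    def key(dst):
        src = pick_source(sources, dst)
        prec, d_label = policy_lookup(dst)
        s_label = policy_lookup(src)[1]
        return (
            0 if scope_of(dst) == scope_of(src) else 1,   # rule 2: prefer matching scope
            0 if d_label == s_label else 1,               # rule 5: prefer matching label
            -prec,                                        # rule 6: prefer higher precedence
            scope_of(dst),                                # rule 8: prefer smaller scope
        )
    ordered = sorted((ipaddress.IPv6Address(d) for d in destinations), key=key)
    return [str(d) for d in ordered]


if __name__ == "__main__":
    # Constructed sample: a host holding link-local, ULA and GUA addresses,
    # choosing among a link-local, a ULA and a GUA destination for the same peer.
    host_sources = ["fe80::1", "fd00::1", "2001:db8::1"]
    candidates = ["2001:db8::ffff", "fd00::ffff", "fe80::ffff"]
    print(rank_destinations(host_sources, candidates))
```

With the default table the link-local candidate sorts first because of rule 8, which is the behaviour the robustness argument relies on. Between the ULA and GUA candidates the decisive rule is precedence (rule 6), since both have global scope and both match their source's label: fc00::/7 has precedence 3 against 40 for ::/0, so the GUA sorts ahead unless the host's policy table has been changed, which RFC 6724 permits.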