Re: [v6ops] FW: New Version Notification for draft-ipversion6-loopback-prefix-00.txt
Edward Lewis <edward.lewis@icann.org> Tue, 17 February 2015 14:33 UTC
Return-Path: <edward.lewis@icann.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92A4D1A8996 for <v6ops@ietfa.amsl.com>; Tue, 17 Feb 2015 06:33:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.208
X-Spam-Level:
X-Spam-Status: No, score=-4.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LVCM-yXZCqCq for <v6ops@ietfa.amsl.com>; Tue, 17 Feb 2015 06:33:31 -0800 (PST)
Received: from out.west.pexch112.icann.org (pfe112-ca-2.pexch112.icann.org [64.78.40.10]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54C001A8999 for <v6ops@ietf.org>; Tue, 17 Feb 2015 06:33:31 -0800 (PST)
Received: from PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) by PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) with Microsoft SMTP Server (TLS) id 15.0.847.32; Tue, 17 Feb 2015 06:33:29 -0800
Received: from PMBX112-W1-CA-1.pexch112.icann.org ([64.78.40.21]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([64.78.40.21]) with mapi id 15.00.0847.030; Tue, 17 Feb 2015 06:33:29 -0800
From: Edward Lewis <edward.lewis@icann.org>
To: Falcon Darkstar Momot <falcon@iridiumlinux.org>, Lorenzo Colitti <lorenzo@google.com>
Thread-Topic: [v6ops] FW: New Version Notification for draft-ipversion6-loopback-prefix-00.txt
Thread-Index: AQHQSUIEjnmiENkrAUKRqDIUqGF8vpzzV4+AgAAK6wCAACcnAIAAG7gAgADLi4CAADH9AIAAAkeAgAABEICAAADBgIAAANmAgAB1VQA=
Date: Tue, 17 Feb 2015 14:33:29 +0000
Message-ID: <D108B631.8FEA%edward.lewis@icann.org>
References: <D1076758.8F7D%edward.lewis@icann.org> <419285087.7936915.1424128613951.JavaMail.yahoo@mail.yahoo.com> <54E2A454.3080908@iridiumlinux.org> <CAKD1Yr0oR78UWubp4ZfWQgua5SEw1cFiKJbidDbCqxKWquKGew@mail.gmail.com> <54E2A721.7010106@iridiumlinux.org> <CAKD1Yr0JZ735RWO=yvrQ9PRHkfnX4juMgugQ1XODgU7+K9Cm4g@mail.gmail.com> <54E2A879.2010201@iridiumlinux.org>
In-Reply-To: <54E2A879.2010201@iridiumlinux.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.7.141117
x-originating-ip: [192.0.47.235]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="B_3507010407_3241943"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/mPHP7dwASIaeJ7yQzWOrFiiXSrc>
Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>
Subject: Re: [v6ops] FW: New Version Notification for draft-ipversion6-loopback-prefix-00.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Feb 2015 14:33:35 -0000
On 2/16/15, 21:33, "Falcon Darkstar Momot" <falcon@iridiumlinux.org> wrote: > On 16/02/2015 19:30, Lorenzo Colitti wrote: >> On Tue, Feb 17, 2015 at 11:27 AM, Falcon Darkstar Momot >> <falcon@iridiumlinux.org> wrote: >>> The point is that they're addresses, not tags. Why would you allocate >>> addresses that have absolutely no purpose in relation to routing? >> >> Pointing network at addresses inside 127.0.0.0/8 <http://127.0.0.0/8> is a >> very reliable way to cause said applications to fail fast without emitting >> any packets. We don't have a way to do that in IPv6 except pointing them at >> ::1. > How about discard, 0100::/64 as per RFC6666? This seems rather more explicit > than using loopback as discard. I’ve carved up this thread a bit because it contains a case of protocol engineering vs. protocol operations conflict. Yes, architecturally, I find the use of encoding messages in addresses rather appalling. What I called “overt covert” channels are cute tricks that are just that, tricks. The more of these one tries to support in an architecture, the more difficult it is to fully exercise innovation in the architecture. (My background is tied to DNS, and this is pretty evident there.) OTOH, operationally, the Internet Protocol stack is a challenge to manage. The basic definition of Internet Protocols haven’t left a lot of hooks for management and operations, having been born in the days before there was a lot of experience upon which to draw lessons and thus requirements. (Again, very evident in DNS.) Operators have over time had to work with what they have, some of their choices present challenges to architectural models. I’d be out of my depth to rationalize why DNSBL’s do what they do. I can imagine a few reasons (or excuses depending on one’s perspective) and I am tempted to add some conjecture. But that would be wrong on the list. For controlled interruption, the uphill battle was passively coercing the installed base to be caught in the trap (as systems errantly sending unintended queries). The way to do this is to tap into the address record lookups. The backchannel is the operations use of logs - where the ‘connection to 127.0.53.53 failed’ would appear. Controlled interruption includes other record types, including a TXT record which has a short message. The goal is two fold. One is to get a message back. Two is to have the node not leak anymore than it already has. (IMHO, the idea of wanting a loopback is a bit overreaching, the goal is not to have the node successfully send anything within itself.) Way back (1998+/-) when DNSSEC was being developed, I wanted to ‘get a message back’ and thought I’d be able to depend on SNMP - a nice architectural thing to, but that wasn’t achievable. (There’s no real good back channel for DNSSEC detection of failures - it’s still actively discussed on mailing lists.) That’s just an example of the challenge of getting ‘a message back.’ (The analogy here is a bit weak, DNSSEC wanted to reach the administrator of the node with the failure, for controlled interruption and DNSBL’s have different relationships.) The suggestion to use the discard block is an interesting one, but it doesn’t quite attain the goal of preventing leakage. The goal is to have the node not even generate the datagram, as opposed to having a recipient know to discard it. It’s not a bad suggestion, but the mere fact the action is taken at the recipient means there’s that much leakage. (Of course, I don’t know what existing implementations would do with the address block I’ll propose to mean ‘don’t even make this datagram’.)
- [v6ops] FW: New Version Notification for draft-ip… Edward Lewis
- Re: [v6ops] FW: New Version Notification for draf… Hosnieh Rafiee
- Re: [v6ops] FW: New Version Notification for draf… Lorenzo Colitti
- Re: [v6ops] FW: New Version Notification for draf… Erik Kline
- Re: [v6ops] FW: New Version Notification for draf… Mark ZZZ Smith
- Re: [v6ops] FW: New Version Notification for draf… Erik Kline
- Re: [v6ops] FW: New Version Notification for draf… Nick Hilliard
- Re: [v6ops] FW: New Version Notification for draf… Edward Lewis
- Re: [v6ops] FW: New Version Notification for draf… Edward Lewis
- Re: [v6ops] New Version Notification for draft-ip… David Conrad
- Re: [v6ops] FW: New Version Notification for draf… Mark ZZZ Smith
- Re: [v6ops] New Version Notification for draft-ip… Mark Andrews
- Re: [v6ops] New Version Notification for draft-ip… Mark ZZZ Smith
- Re: [v6ops] New Version Notification for draft-ip… Mark ZZZ Smith
- Re: [v6ops] New Version Notification for draft-ip… Erik Kline
- Re: [v6ops] New Version Notification for draft-ip… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-ip… Mark Andrews
- Re: [v6ops] New Version Notification for draft-ip… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-ip… Mark ZZZ Smith
- Re: [v6ops] FW: New Version Notification for draf… Falcon Darkstar Momot
- Re: [v6ops] New Version Notification for draft-ip… David Conrad
- Re: [v6ops] FW: New Version Notification for draf… Lorenzo Colitti
- Re: [v6ops] FW: New Version Notification for draf… Falcon Darkstar Momot
- Re: [v6ops] FW: New Version Notification for draf… Lorenzo Colitti
- Re: [v6ops] FW: New Version Notification for draf… Falcon Darkstar Momot
- Re: [v6ops] New Version Notification for draft-ip… Mark ZZZ Smith
- Re: [v6ops] New Version Notification for draft-ip… Mark Andrews
- Re: [v6ops] FW: New Version Notification for draf… Mark Andrews
- Re: [v6ops] New Version Notification for draft-ip… Mark Andrews
- Re: [v6ops] FW: New Version Notification for draf… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-ip… Lorenzo Colitti
- Re: [v6ops] New Version Notification for draft-ip… Eric Vyncke (evyncke)
- Re: [v6ops] FW: New Version Notification for draf… Eric Vyncke (evyncke)
- Re: [v6ops] FW: New Version Notification for draf… Edward Lewis
- Re: [v6ops] New Version Notification for draft-ip… Edward Lewis
- Re: [v6ops] New Version Notification for draft-ip… David Farmer
- Re: [v6ops] New Version Notification for draft-ip… Carlos Pignataro (cpignata)
- Re: [v6ops] New Version Notification for draft-ip… Andrew 👽 Yourtchenko
- Re: [v6ops] New Version Notification for draft-ip… joel jaeggli
- Re: [v6ops] FW: New Version Notification for draf… Falcon Darkstar Momot
- Re: [v6ops] New Version Notification for draft-ip… Mark ZZZ Smith
- Re: [v6ops] New Version Notification for draft-ip… Mark ZZZ Smith
- Re: [v6ops] New Version Notification for draft-ip… David Conrad
- Re: [v6ops] New Version Notification for draft-ip… Mark ZZZ Smith
- Re: [v6ops] New Version Notification for draft-ip… Mark ZZZ Smith
- Re: [v6ops] New Version Notification for draft-ip… t.petch
- Re: [v6ops] New Version Notification for draft-ip… Mark Andrews
- Re: [v6ops] New Version Notification for draft-ip… t.petch
- Re: [v6ops] New Version Notification for draft-ip… Mark ZZZ Smith