Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Thu, 28 June 2018 06:14 UTC

Date: Thu, 28 Jun 2018 08:14:28 +0200
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: Fred Baker <fredbaker.ietf@gmail.com>
CC: "v6ops@ietf.org list" <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/mQeEmPlp7gzgw0Yo0c3--2GOc_s>

    >> 3.1.2.  Service Provider offering 464XLAT, with DNS64
    >
    > -> Are you suggesting that I should make a more detailed description in every scenario, with more figures, etc.? Or just in the 464XLAT case?
    >
    >> 3.1.3.  Service Provider offering 464XLAT, without DNS64
    >
    >    The difference from the preceding section will be connectivity between an IPv6-only device and an IPv4-only peer. In the previous section, the IPv6 device will be unable to communicate with an IPv4-only peer, and the dual stack device will use its IPv4 side, the CLAT, and the PLAT.
    >
    > -> Right, again, you feel I need to add text to explain that, so same as previous question, having some extra text only for the 464XLAT cases?
    >
    >>   The major advantage of this scenario, using 464XLAT without DNS64, is
    >>   that the service provider ensures that DNSSEC is never broken.
    >
    >    Yes, but at the cost of IPv6-IPv4 connectivity.

    I suppose in part I'm thinking out loud. But I do think it's important to not trivialize the lack of connectivity in that last case, which I think your current text does. Yes, DNSSEC doesn't work (doesn't validate a signature, and probably doesn't *have* a signature) with a DNS64 IPv4 embedded IPv6 Address. But it doesn't work without one either, because in the case nothing works - there is no connectivity. It's a judgement call, I suppose, but I think it's better to say it than let the installing ISP discover it and wonder what happened.





-> Understood. I will improve the text to avoid that trivialization. However, I don't agree that it doesn't work. What happens in that case is that the connection is made using the IPv4 stack of both peers (so the dual-stack host behind the CLAT CE only sees an "A" record, and so naturally uses only that one).

    



