Re: [v6ops] Planning for IETF #90
Ray Hunter <v6ops@globis.net> Fri, 04 July 2014 05:43 UTC
Return-Path: <v6ops@globis.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 537461B2BDB for <v6ops@ietfa.amsl.com>; Thu, 3 Jul 2014 22:43:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level:
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jr3Ummt-O_Sp for <v6ops@ietfa.amsl.com>; Thu, 3 Jul 2014 22:43:51 -0700 (PDT)
Received: from globis01.globis.net (mail.globis.net [IPv6:2001:470:1f15:62e::2]) by ietfa.amsl.com (Postfix) with ESMTP id 26B061B2BE1 for <v6ops@ietf.org>; Thu, 3 Jul 2014 22:43:51 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by globis01.globis.net (Postfix) with ESMTP id ED19A871515; Fri, 4 Jul 2014 07:43:49 +0200 (CEST)
Received: from globis01.globis.net ([127.0.0.1]) by localhost (mail.globis.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5dcV80Jji7W5; Fri, 4 Jul 2014 07:43:49 +0200 (CEST)
Received: from Rays-iMac.local (unknown [IPv6:2001:470:1f15:73a:58e3:ef97:6438:9173]) (Authenticated sender: Ray.Hunter@globis.net) by globis01.globis.net (Postfix) with ESMTPSA id A45B3870047; Fri, 4 Jul 2014 07:43:49 +0200 (CEST)
Message-ID: <53B63F01.1060401@globis.net>
Date: Fri, 04 Jul 2014 07:43:29 +0200
From: Ray Hunter <v6ops@globis.net>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: "Fred Baker (fred)" <fred@cisco.com>
References: <43AE4B9F-206F-4969-81B8-AE003DC9DF4C@cisco.com> <8392F9BAC6AD5F47920216A6D7853F7E1D62B8CF@BPXM02GP.gisp.nec.co.jp> <504ED52D-B94C-4758-AE07-17789EF4FD2E@cisco.com>
In-Reply-To: <504ED52D-B94C-4758-AE07-17789EF4FD2E@cisco.com>
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/pxNSN8CCrDk81l55n_lOdOiavuA
Cc: V6 Ops List <v6ops@ietf.org>, "Ata, Shingo (ata@info.eng.osaka-cu.ac.jp)" <ata@info.eng.osaka-cu.ac.jp>
Subject: Re: [v6ops] Planning for IETF #90
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jul 2014 05:43:53 -0000
Fred Baker (fred) wrote: > v6ops: > > Kitamura-san has posted draft-kitamura-ipv6-zoneid-free, and would like operational views on it. He has also requested agenda time at IETF 90. I suspect it may be more suited for 6man, but 6man isn’t meeting. Would you kindly take a look and comment? > > If there is operational interest, we can give him a slot. > > Fred > > On Jul 3, 2014, at 1:47 AM, Hiroshi Kitamura <kitamura@da.jp.nec.com> wrote: >> Dear co-chairs of v6ops WG, >> >> We have submitted a I-D: >> "Free from Using Zone Identifier for IPv6 Link-Local Address" >> <draft-kitamura-ipv6-zoneid-free-03.txt> >> >> I quote the I-D Announce mail at the end of this mail. >> >> This idea "Zone-ID Free" is simple and harmless to the current system. >> We think this idea helps many people who face problems on Zone-ID. >> >> So, could you give us a presentation time at 90th Toronto meeting, please? >> >> >> - title and file name of the draft >> >> "Free from Using Zone Identifier for IPv6 Link-Local Address" >> <draft-kitamura-ipv6-zoneid-free-03.txt> >> >> - speakers name and email >> >> Hiroshi KITAMURA >> kitamura@da.jp.nec.com >> >> - how much time >> >> 10 min. >> >> Best Regards, >> Hiroshi >> >> >>> -----Original Message----- >>> From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org >>> Sent: Wednesday, July 02, 2014 12:17 PM >>> To: i-d-announce@ietf.org >>> Subject: I-D Action: draft-kitamura-ipv6-zoneid-free-03.txt >>> >>> >>> A New Internet-Draft is available from the on-line Internet-Drafts directories. >>> >>> >>> Title : Free from Using Zone Identifier for IPv6 Link-Local Address >>> Authors : Hiroshi Kitamura >>> Shingo Ata >>> Masayuki Murata >>> Filename : draft-kitamura-ipv6-zoneid-free-03.txt >>> Pages : 17 >>> Date : 2014-07-01 >>> >>> Abstract: >>> This document describes "Zone-ID Free" functions that make end >>> users free from using zone identifiers (Zone-ID) for IPv6 link- >>> local addresses. >>> >>> When users deal with IPv6 link-local addresses, it is thought that >>> it is mandatory thing to specify accompanied Zone-IDs. For end >>> users, however, it is troublesome and nuisance thing to do it. >>> Because it is very hard for normal end users to find appropriate >>> Zone-IDs for this purpose. >>> >>> From another viewpoint, the usage of IPv6 link-local addresses >>> accompanied with Zone-IDs is quite different from the traditional >>> usage of global addresses. Therefore many problems related with >>> Zone-ID are caused and new specifications are required to fix these >>> problems. >>> >>> This document explores and describes how "Zone-ID Free" functions >>> work and how end users are released from using Zone-IDs when they >>> deal with IPv6 link-local addresses. >>> >>> The "Zone-ID Free" functions are upper compatible with the current >>> usages of dealing with IPv6 link-local addresses and harmless to >>> the existing communications. >>> >>> In order to obtain appropriate Zone-ID information, a new >>> technology "Zone-ID Learning" that issues multiple probes is >>> introduced. >>> >>> >>> The IETF datatracker status page for this draft is: >>> https://datatracker.ietf.org/doc/draft-kitamura-ipv6-zoneid-free/ >>> >>> There's also a htmlized version available at: >>> http://tools.ietf.org/html/draft-kitamura-ipv6-zoneid-free-03 >> >> >> >> >>> -----Original Message----- >>> From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Fred Baker (fred) >>> Sent: Thursday, May 22, 2014 4:43 AM >>> To: v6ops >>> Subject: [v6ops] Planning for IETF #90 >>> >>> IETF #90 is two months away, and we have about six weeks to get drafts updated or new drafts filed. This is a heads-up. >>> My rule for putting drafts on the agenda is that they are file or updated since the last IETF meeting and have had supportive >>> working group commentary on the list. Filing at the last instant generally doesn’t help with folks’ commentary - you want >>> to give them some time to read and think. So, filing drafts or making updates in June is recommended. >>> >>> Current draft status: >>> >>> IESG: >>> Jan 12 draft-ietf-v6ops-enterprise-incremental-ipv6 >>> Mar 10 draft-ietf-v6ops-nat64-experience >>> Apr 1 draft-ietf-v6ops-64share >>> >>> Exiting WGLC; on its way to IESG: >>> May 19 draft-ietf-v6ops-clatip >>> >>> Working Group Document updated since IETF: >>> Mar 6 draft-ietf-v6ops-design-choices >>> Mar 11 draft-ietf-v6ops-mobile-device-profile >>> >>> Individual Submission updated since IETF: >>> Mar 4 draft-cui-v6ops-lte-lw4over6 >>> Apr 7 draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node >>> >>> Working Group Document NOT updated since IETF: >>> Nov 26 draft-ietf-v6ops-dhcpv6-slaac-problem >>> Dec 6 draft-ietf-v6ops-balanced-ipv6-security >>> Jan 13 draft-ietf-v6ops-ipv6-roaming-analysis >>> Feb 4 draft-ietf-v6ops-dc-ipv6 >>> Feb 14 draft-ietf-v6ops-ula-usage-recommendations >>> >>> Individual Submission NOT updated since IETF: >>> Dec 3 draft-taylor-v6ops-fragdrop >>> Jan 11 draft-osamu-v6ops-ipv4-literal-in-url >>> Feb 13 draft-cui-v6ops-lte-lw4over6 >>> Feb 14 draft-foo-v6ops-6rdmtu >>> Feb 14 draft-liu-v6ops-dhcpv6-slaac-guidance > I recognize the issues detailed in this draft and feel that it is well written. 2 comments: 1) IMHO The security considerations are incomplete. Zone-ID free operations appears to assume security equivalence and operational equivalence between all interfaces on a device. two cases come to mind for the probes created in Section 4.2. i) ping6 <Link-Local_Address_B> on a node with an IPv6 interface to a telco e.g. LTE may incur significant charges, especially when roaming ii) users definitely don't want security equivalence in firewall nodes or other devices that enforce network security zoning 2) quote "When receiving Link-Local packets, there are no difficulties. Zone-ID (interface) is easily and naturally identified from interface that is used by received packets." The assumption is made that identifying the zone-ID of inbound traffic is trivial (as it can be identified by the arrival interface) IMHO That is very much implementation dependent whether the physical arrival interface is preserved to upper layers. Where is it defined that a node should enforce that the arrival interface of a link-link packet is preserved (and replies should only be sent on that same interface)? Is there's a potential security / operational consideration in that a link local source address could be spoofed from another interface, and replies would be sent out via a different interface, violating the fact that a link-local address should be local to a link? Maybe it should be made clearer that ND probes (section 4.2) should only be sent when initiating new outbound communication from this node, and not when replying to inbound queries? And also recommend that nodes should enforce tying a link-local source address to a physical interface? Thank you. -- Regards, RayH
- [v6ops] Planning for IETF #90 Fred Baker (fred)
- Re: [v6ops] Planning for IETF #90 Fred Baker (fred)
- Re: [v6ops] Planning for IETF #90 神明達哉
- Re: [v6ops] Planning for IETF #90 Ray Hunter
- Re: [v6ops] Planning for IETF #90 Alejandro Acosta