Re: [v6ops] I-D Action: draft-link-v6ops-6mops-00.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 05 March 2024 19:04 UTC

To: Jen Linkova <furry13@gmail.com>
Cc: IPv6 Operations <v6ops@ietf.org>
References: <170955522053.39685.10398176610934575947@ietfa.amsl.com> <d5cfd59b-6657-a212-66b4-5c907ee2a5b7@gmail.com> <CAFU7BARE6_ZDngaN5J4z4hUakFx+=6PUViS79dHByaSOgHmfdw@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <CAFU7BARE6_ZDngaN5J4z4hUakFx+=6PUViS79dHByaSOgHmfdw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/qTtIoka-yr_QSsl-_VDSCWqqhJA>

On 05-Mar-24 14:29, Jen Linkova wrote:
> On Tue, Mar 5, 2024 at 12:17 PM Brian E Carpenter
> <brian.e.carpenter@gmail.com> wrote:
>> This draft is an excellent start.
> 
> Thank you!
> 
>> The security considerations seem a bit short.
> 
> It's a side effect of the draft submission deadline ;) Will be fixed in -01 ;)
> 
>>> This document does not introduce any privacy considerations
>>
>> Are we sure about that? For example, some people (not me) will claim
>> that the privacy benefits of NAT are lost for the IPv6-only hosts.
> 
> If we compare the proposed design with a dual-stack approach, the
> privacy considerations are the same:
> - if the destination is a dual-stack (or IPv6-only) IPv6 will be used
> in both cases;
> - if the destination is IPv4-only, the traffic will go through NAT44
> (dual-stack) or NAT64 (IPv6-mostly)
> 
> Would adding a text that privacy considerations are inherited from a
> dual-stack design?

What I realised when considering your question is that we have no generic
reference for IPv6 privacy considerations. RFC 7721 is specific to address
generation, RFC 7824 is specific to DHCPv6, RFC 8065 is specific to adaptation
layers, and that's about it. So I guess it is reasonable to say that "mostly"
adds no new privacy risks compared to dual stack, but the "only" hosts avoid
all IPv4-related risks and may benefit from IPv6-related protections such as
temporary addresses.

The NAT lovers will disagree though, because they believe that NAT is a
privacy feature.

     Brian

> 
>> Is there any interaction with site policies (dis)allowing temporary
>> addresses? Any interaction with randomized MAC addresses?
> 
> It's all existing in any other IPv6 deployment, right? Nothing
> specific to IPv6-mostly. I didn't consider enumerating all IPv6
> privacy implications, but maybe I should..
> 
>> On 05-Mar-24 01:27, internet-drafts@ietf.org wrote:
>>> Internet-Draft draft-link-v6ops-6mops-00.txt is now available.
>>>
>>>      Title:   IPv6-Mostly Networks: Deployment and Operations Considerations
>>>      Author:  Jen Linkova
>>>      Name:    draft-link-v6ops-6mops-00.txt
>>>      Pages:   16
>>>      Dates:   2024-03-04
>>>
>>> Abstract:
>>>
>>>      This document discusses a deployment scenario called "an IPv6-Mostly
>>>      network", when IPv6-only and IPv4-enabled endpoints coexist on the
>>>      same network (network segment, VLAN, SSID etc).
>>>
>>> The IETF datatracker status page for this Internet-Draft is:
>>> https://datatracker.ietf.org/doc/draft-link-v6ops-6mops/
>>>
>>> There is also an HTML version available at:
>>> https://www.ietf.org/archive/id/draft-link-v6ops-6mops-00.html
>>>
>>> Internet-Drafts are also available by rsync at:
>>> rsync.ietf.org::internet-drafts
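The comparison Jen makes above (IPv6 when the destination has IPv6, otherwise NAT44 for dual-stack hosts and NAT64 for IPv6-only hosts) as an added illustration, not text or code from the draft or from either author. It assumes the NAT64 uses the RFC 6052 well-known prefix 64:ff9b::/96 and uses documentation addresses as constructed sample destinations.

```python
import ipaddress

# Assumption: the IPv6-mostly network's NAT64 uses the RFC 6052 well-known prefix.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize_nat64(ipv4: str, prefix: ipaddress.IPv6Network = NAT64_PREFIX) -> str:
    """Embed an IPv4 address in a /96 NAT64 prefix (RFC 6052 layout for a /96)."""
    if prefix.prefixlen != 96:
        raise ValueError("this helper only handles /96 NAT64 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    return str(ipaddress.IPv6Address(int(prefix.network_address) | int(v4)))


def path(host: str, dest: dict) -> dict:
    """Which address family the wire sees and which translator (if any) is traversed.

    host: "dual-stack" (IPv4-enabled endpoint) or "ipv6-only" (IPv6-mostly endpoint).
    dest: destination's available literals, keys "v6" and/or "v4".
    """
    if "v6" in dest:  # dual-stack or IPv6-only destination: native IPv6 in both cases
        return {"family": "IPv6", "translator": None, "dst": dest["v6"]}
    if host == "dual-stack":  # IPv4-only destination, IPv4-enabled host: NAT44
        return {"family": "IPv4", "translator": "NAT44", "dst": dest["v4"]}
    if host == "ipv6-only":  # IPv4-only destination, IPv6-only host: NAT64
        return {"family": "IPv6", "translator": "NAT64", "dst": synthesize_nat64(dest["v4"])}
    raise ValueError(f"unknown host type: {host}")


def translators_seen(dest: dict) -> tuple:
    """For one destination, the translator each host type ends up behind.

    The privacy argument in the thread is that both entries are None (native IPv6)
    or both are a translator, i.e. neither design exposes more than the other.
    """
    return (path("dual-stack", dest)["translator"], path("ipv6-only", dest)["translator"])


if __name__ == "__main__":
    # Constructed sample destinations (documentation addresses, not real hosts).
    v4_only = {"v4": "192.0.2.1"}
    dual = {"v4": "198.51.100.7", "v6": "2001:db8::7"}
    for name, d in (("IPv4-only", v4_only), ("dual-stack", dual)):
        print(name, "dual-stack host:", path("dual-stack", d), "ipv6-only host:", path("ipv6-only", d))
```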