Re: [v6ops] draft-ietf-v6ops-ula-usage-recommendations - work or abandon?

Fernando Gont <fgont@si6networks.com> Fri, 13 November 2015 04:15 UTC

In-Reply-To: <CAKD1Yr0V_8DYOCm_BcB-xjKmCJc6AX25J8QZRE-c0CgYnnUM7g@mail.gmail.com>
Date: Fri, 13 Nov 2015 01:15:00 -0300
Message-ID: <CAG6TeAsrKe28qLcKyvjxr57PZaD9KZQTZMd0qPx3+ctLPutDsg@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
To: Lorenzo Colitti <lorenzo@google.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/rq8jDswgAFY-A7q_kVojyDrcxFg>
Cc: IPv6 Operations <v6ops@ietf.org>
Subject: Re: [v6ops] draft-ietf-v6ops-ula-usage-recommendations - work or abandon?

On 13/11/2015 12:54, "Lorenzo Colitti" <lorenzo@google.com> wrote:
>
> On Fri, Nov 13, 2015 at 12:36 PM, Fernando Gont <fgont@si6networks.com> wrote:
>>
>> You claim that it is simpler to achieve that with NATs, than with FWs.
>> How would that happen without relying on a third party, and without
>> guessing port numbers to fake e.g. a TCP simultaneous open?
>
>
> The IP addresses and port numbers could be signaled out of band using
> another mechanism (NFC, bluetooth, email, smoke signals, well-known ports,
> whatever).

And for that signaling you need.... a third party.

So it ends up being a discussion of what type of third party one hates the
most.

As noted, shortcuts in the current architecture should not be interpreted
as design principles. NATs happen to make this very evident. Don't shoot
the messenger for this.

If a network has a policy of only allowing outgoing connections, then any
workaround to do that is an attack on that policy. And making that
workaround more difficult can thus be seen as a feature.

Fernando