IETF Logo Mail Archive

Re: [v6ops] Implementation Status of PREF64

David Farmer <farmer@umn.edu> Mon, 11 October 2021 17:53 UTC

Return-Path: <farmer@umn.edu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 524AD3A044D for <v6ops@ietfa.amsl.com>; Mon, 11 Oct 2021 10:53:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umn.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bdcUvGczY4YH for <v6ops@ietfa.amsl.com>; Mon, 11 Oct 2021 10:52:58 -0700 (PDT)
Received: from mta-p6.oit.umn.edu (mta-p6.oit.umn.edu [134.84.196.206]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F1163A040D for <v6ops@ietf.org>; Mon, 11 Oct 2021 10:52:27 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mta-p6.oit.umn.edu (Postfix) with ESMTP id 4HSmbG603Mz9vDtv for <v6ops@ietf.org>; Mon, 11 Oct 2021 17:52:26 +0000 (UTC)
X-Virus-Scanned: amavisd-new at umn.edu
Received: from mta-p6.oit.umn.edu ([127.0.0.1]) by localhost (mta-p6.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BbxbNyWidxsE for <v6ops@ietf.org>; Mon, 11 Oct 2021 12:52:26 -0500 (CDT)
Received: from mail-yb1-f198.google.com (mail-yb1-f198.google.com [209.85.219.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p6.oit.umn.edu (Postfix) with ESMTPS id 4HSmbG3cz0z9vDvK for <v6ops@ietf.org>; Mon, 11 Oct 2021 12:52:26 -0500 (CDT)
DMARC-Filter: OpenDMARC Filter v1.3.2 mta-p6.oit.umn.edu 4HSmbG3cz0z9vDvK
DKIM-Filter: OpenDKIM Filter v2.11.0 mta-p6.oit.umn.edu 4HSmbG3cz0z9vDvK
Received: by mail-yb1-f198.google.com with SMTP id b9-20020a5b07890000b0290558245b7eabso24078789ybq.10 for <v6ops@ietf.org>; Mon, 11 Oct 2021 10:52:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UMw3rKyqJFt1JaSXBdE6OXtyxsdDyUh6jMynMJY3gv8=; b=FZ6TE9SvWfAOnLif+61fctw0Tf0Mr98CaftGy1oj0UCI1kqo0Fst36NgdKddulCIan zjZhkr0bnDI5Byvdgd44BQ5UDRCWZ5pRe7OX2lVPiJLVYMQ/4bsKKka7Nz3/7tnfj7YT /Ld/nP39tCuHmju+NFdapBx83UYXnoiT+ZbaRpfUhdKTV6U/uqczKI96eP0XQoFMY1AH 4EwcefMMYAVKwgnbPGQw/fylaNgwc2HyymjOSSqSKIEJuGry8Tu9LuL1OXl6rX7QUyYL tpXvyRhlU3L7w2AvDYjRtkLzQF4Wh3inM9arZyEgnjDTP5SLtlAGxbbeep+iKuUfzY6e A8aQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UMw3rKyqJFt1JaSXBdE6OXtyxsdDyUh6jMynMJY3gv8=; b=QSV5qjblnqKVk/Y+ZPRHf9cOl92+zrdNpDoqKCj1AUIbePi9ZVJhymot71B/25Vre5 XZH+rSDkuxSSXmKiRFxPK4r8q+uzqq88QdvzRmSCDLtFBB+fWeYrCqpNx6PH11q5I7px pVfjZ1hmoKp/M6KY6i4giTUPA8TQuccJTx1IcJL1zBJea/NaZ7M+B2nBqGOXYRyVceVH rzlx5s16RAaj/zVIv6OiUZjZwanLke0rHbioB0EVnNWBR7cicJAWPmWWrgQaABkbnA1p Pj/9gI9qf/C7kJVFL/tlMBbmIkcNLuCF/TUiOEb5MTP1+TFFHDla51lzxAQvQX/GmeSX OVHw==
X-Gm-Message-State: AOAM533LESh2eed347Q6mx8Dvkjhwxfu+V3ENY69fBLynACk8P6sA7zq UYjMTwaf5yGeX5taNXMHZdehq81W6nMSe8oWFGr+8Qq+Mgd8Zsd4bpxL43+SrZfq5n9CFL93rlx TZz9A4G7zsX9lfniMUyU+//+jxw==
X-Received: by 2002:a5b:c8c:: with SMTP id i12mr20712820ybq.45.1633974745572; Mon, 11 Oct 2021 10:52:25 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzxkIqRzoMUsGbrvma588fsneQOuzlqQHv7a2CCTGeu3VqOAvAZlXJr4zuo0+CDKuOtlmCf2rOrLh8H4XrfFFs=
X-Received: by 2002:a5b:c8c:: with SMTP id i12mr20712777ybq.45.1633974745136; Mon, 11 Oct 2021 10:52:25 -0700 (PDT)
MIME-Version: 1.0
References: <DDA36020-90CC-471B-83AD-3D98950F1164@delong.com> <CAKD1Yr0T-7t-UHbsJBMLpTjKhPAV5uUQkux6oby89TVUue7PyA@mail.gmail.com> <CO1PR11MB4881D400EA4681F1505040D2D8AA9@CO1PR11MB4881.namprd11.prod.outlook.com> <CAKD1Yr3TmqFxjKuZ57wS7VuPOf6rJvOwnvnQdFrRLQ=DkZ+CCw@mail.gmail.com> <CO1PR11MB4881F411A4D5BEA7A8479726D8AA9@CO1PR11MB4881.namprd11.prod.outlook.com> <D8AEA194-293B-43E4-BCAE-33CD81FB7D8C@delong.com> <CAKD1Yr2Tug-PFV7wAh0s6-gw8W3LcLG7wC1fD7Lu_hMZQYKdtw@mail.gmail.com> <08D2885E-B824-48E8-9703-DCA98771FA37@delong.com> <CAKD1Yr2EVsY3tYUf56R0Q1+KVrowtqh-HgwXj5vxzy4wd-vkTg@mail.gmail.com> <1A6ED87B-666E-439C-852F-2E5C904C0515@delong.com> <CAKD1Yr23fY2DJDvB-9eVFRsxnBnZQ0kZuZfYUfRUHYW=_D=enA@mail.gmail.com> <CAN-Dau1z0q0R61x7iY+Wg_cFRU0jmqr+fR0y=bSXxj+K-n722w@mail.gmail.com> <CAKD1Yr1T_mXfxJGHOrBfqZfexm6GTrUqnFi57710pTroKQK6uQ@mail.gmail.com> <702CB018-1A02-4B32-B9AA-7C7B31521F12@delong.com> <CAKD1Yr0jZR8Efzr_Y6FeiBvHYS8ATmDupx2ABTXXy-rSA_QjmA@mail.gmail.com> <1adb70a8-db0a-4ea6-f721-c1035343cda3@foobar.org> <DM6PR02MB69249D4F0A8003E77EC9F153C3B19@DM6PR02MB6924.namprd02.prod.outlook.com> <E1FED93B-674C-46DD-8C39-F6C30475C48A@delong.com> <CAKD1Yr34jv_N0jGKdg=sG76oGU7PdRjYFC_-w9Uvzs=7oGm38w@mail.gmail.com> <E6316781-AC7D-438F-B216-75B1DF9217DC@delong.com> <CAKD1Yr10OKMJ1y8bs5xpt6jS8ZWsqs66oFCXmp-QLySS5Yn4hg@mail.gmail.com> <CAN-Dau3JxPucFnbwZB-M5UD3KkSV++7u03AMQ7vOZJKqPHpJ3Q@mail.gmail.com> <403087B1-51A5-4DF4-9884-441D443DACC2@delong.com>
In-Reply-To: <403087B1-51A5-4DF4-9884-441D443DACC2@delong.com>
From: David Farmer <farmer@umn.edu>
Date: Mon, 11 Oct 2021 12:52:09 -0500
Message-ID: <CAN-Dau3FBLVUSTQsFTrbDEAdy95L8evPdeD_Jg1sK34+DK0O1A@mail.gmail.com>
To: Owen DeLong <owen=40delong.com@dmarc.ietf.org>
Cc: Lorenzo Colitti <lorenzo@google.com>, v6ops list <v6ops@ietf.org>, Owen DeLong <owen@delong.com>
Content-Type: multipart/alternative; boundary="000000000000419dc805ce17643b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/vwBNjGh3sRgbMoRfX5k8_coCsT8>
Subject: Re: [v6ops] Implementation Status of PREF64
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Oct 2021 17:53:04 -0000

On Mon, Oct 11, 2021 at 12:09 PM Owen DeLong <owen=
40delong.com@dmarc.ietf.org> wrote:

>
>
> On Oct 11, 2021, at 09:37 , David Farmer <farmer=40umn.edu@dmarc.ietf.org>
> wrote:
>
>
>
> On Mon, Oct 11, 2021 at 1:13 AM Lorenzo Colitti <lorenzo=
> 40google.com@dmarc.ietf.org> wrote:
>
>> On Mon, Oct 11, 2021 at 1:36 PM Owen DeLong <owen=
>> 40delong.com@dmarc.ietf.org> wrote:
>>
>>> Suppose an OS developer ships a DHCPv6 implementation that requires N
>>> addresses and does not enable the IPv6 stack unless it receives all of
>>> them. How does that do anything to address statements such as, "my network,
>>> my rules" that have been made on this thread? Any operator that wants to
>>> assign only one address per device still cannot use such hosts on their
>>> network, and can still criticise the implementation for not doing what they
>>> want.
>>>
>>> At least it provides a possible way forward for networks that don’t want
>>> to assign addresses outside of IA_NA or IA_PD to provide addressing to
>>> android devices.
>>>
>>> Surely a single IA_NA + a routed IA_PD would meet your requirements,
>>> right?
>>>
>>
>> IA_PD, even by itself without IA_NA, has none of the concerns in this
>> thread. RFC 7934 explicitly recommends it, actually. Not sure if enterprise
>> network operators can or would want to deploy IA_PD though. Is that
>> something that we can nudge the industry towards?
>>
>
> I think this is a perfectly reasonable option for the general purpose use
> case, but I will note there is no clear guidance for the use case of IA_PD
> on Hosts, and even the guidance for the use of IA_PD with routers is
> somewhat fuzzy or at least incomplete, in my opinion. Nevertheless, this
> may or may not be reasonable for special or restricted purpose use cases,
> especially when compliance regimes are required, like PCI or NIST-800-171.
> I support IA_PA on hosts, but whether or not that is an acceptable
> replacement for IA_AN and/or IA_TA for all use cases is very much an open
> question, and not entirely a technical question for that matter.
>
>
> At the point where a host solicits and/or accepts IA_PD, it has
> effectively declared itself to be a router.
>
> Since most android devices have multiple interface and the ability to
> provide a “hotspot” capability, they are, in fact, routers.
>

Yes, that is technically correct, and I expect most enterprises don't, or
at least don't want to, view Android devices as routers. Also, I expect
extending the network or "tethering" is not acceptable behavior in a PCI
or NIST-800-171 compliance contexts. So, that is part of the challenge for
this approach. and why this may not be an acceptable replacement for IA_AN
and/or IA_TA.

Thanks
-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

v2.23.0 | Report a Bug | By Email