Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments

Ca By <cb.list6@gmail.com> Mon, 02 July 2018 21:55 UTC

From: Ca By <cb.list6@gmail.com>
Date: Mon, 02 Jul 2018 14:55:09 -0700
Message-ID: <CAD6AjGQqaQumYyBPVG6qkc9cs+jSGFKgUnGHkMfJmtes5Fk47g@mail.gmail.com>
To: Fred Baker <fredbaker.ietf@gmail.com>
Cc: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>, "v6ops@ietf.org list" <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/y_SUzaLXlUCfr-KLcZr1jkqGbRc>
Subject: Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments

On Mon, Jul 2, 2018 at 1:41 PM Fred Baker <fredbaker.ietf@gmail.com> wrote:

> > On Jul 2, 2018, at 1:17 PM, JORDI PALET MARTINEZ <jordi.palet@consulintel.es> wrote:
> >
> > DNSSEC is *only* broken if the dual-stack host is doing DNSSEC
> > validation over the synthesized AAAA.
>
> So you're worried about DNSSEC validation working through NAT64 in the
> case that the host is using the DNS service in the IPv4 network through the
> NAT64 device.
>
> That doesn't have anything to do with DNS64; in a 464XLAT network, if we
> believe RFC 6877, the issue you raise happens in the absence of DNS64.


A good position for the IETF to take is that one should only produce a
signed A if they can also produce a signed AAAA, which is not a tall order
these days.

https://tools.ietf.org/html/draft-byrne-v6ops-dnssecaaaa-00

