Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Tue, 03 July 2018 07:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/zNsfJnMedQieRqWNQCE2Oj0FSE0>

Hi Cameron,

 

Fully agree, the issue is always that we don’t have the power to tell operators (content and app providers mainly in this case), “if you do DNSSEC, you must do IPv6”. Maybe through ICANN/IANA …

 

I tried that already:

 

https://tools.ietf.org/html/draft-palet-sunset4-ipv6-ready-dns-00

 


Regards,

Jordi

 

 

 

From: Ca By <cb.list6@gmail.com>
Date: Monday, 2 July 2018, 23:55
To: Fred Baker <fredbaker.ietf@gmail.com>
CC: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>, "v6ops@ietf.org list" <v6ops@ietf.org>
Subject: Re: [v6ops] draft-palet-v6ops-nat64-deployment-02 comments

 

 

 

On Mon, Jul 2, 2018 at 1:41 PM Fred Baker <fredbaker.ietf@gmail.com> wrote:



> On Jul 2, 2018, at 1:17 PM, JORDI PALET MARTINEZ <jordi.palet@consulintel.es> wrote:
> 
> DNSSEC is *only* broken if the dual-stack host is doing DNSSEC validation over the synthetized AAAA.

So you're worried about DNSSEC validation working through NAT64 in the case that the host is using the DNS service in the IPv4 network through the NAT64 device.

That doesn't have anything to do with DNS64; in a 464XLAT network, if we believe RFC 6877, the issue you raise happens in the absence of DNS64.

 

A good position for the IETF to take is that one should only produce a signed A if they can also produce a signed AAAA, which is not a tall order these days.

 

https://tools.ietf.org/html/draft-byrne-v6ops-dnssecaaaa-00

 

