Re: IPv6 NAT?



	Can't you set your MUA to emit TEXT/PLAIN?  It's just
	plain impolite to send only HTM ~!#!~!#$~ L.

> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> <html>
> <head>
>   <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
> </head>
> <body bgcolor="#ffffff" text="#000000">
> Mark Andrews wrote :
> <blockquote cite="mid:200802192243.m1JMhroY097393 at drugs.dv.isc.org"
>  type="cite">
>   <blockquote type="cite">
>     <pre wrap="">On 19 feb 2008, at 10:02, Dan Wing wrote:
>     </pre>
>     <blockquote type="cite">
>       <pre wrap="">It would be interesting to write it down, and to see what
> would break if the IP stack acquired and provided a fresh
> v6 address to every new connection.  Maybe nothing would
> break, which would be great.
>       </pre>
>     </blockquote>
>   </blockquote>
>   <pre wrap=""><!---->
> You also don't want to do it as you would also need massive churn in
> the DNS.
>   </pre>
> </blockquote>
> The proposal is, more precisely, a new fresh v6 address for each
> OUTGOING connection.<br>

	There are plenty of services that want working reverse
	lookups before they will let you in.  So yes, OUTGOING needs
	to be registered in the DNS as much as INCOMING.  In addition
	that registration has to propagate to all the authoritative
	servers for the relevant zones.
	
> (A new address per incoming connection wouldn't make sense, right?)<br>
> Then, there is no need to concern the DNS with these new addresses:<br>
> - Addresses in the DNS would remain stable.<br>
> - Hosts would&nbsp; simultaneously have their advertised address(es),
> registered in the DNS, and transient addresses for outgoing connections.<br>
> <br>
> This approach, say "extended privacy with fresh address per
> connection",&nbsp; has been introduced as a potential alternative to v6 to
> v6 NATs.<br>
> The goal&nbsp; is to have : (1) privacy and security similar to that of
> these NATs; (2)&nbsp; preservation of E2E significance of addresses and port
> numbers.<br>
> <br>
> If there is interest in at least looking at it, more work would clearly
> be needed.<br>
> In particular, some way to improve the Duplicate Address Discovery
> would have to be devised.<br>
> IMHO, preserving E2E significance has numerous advantages, worth
> extending the scope of studied solutions.<br>
> <br>
> RD<br>
> <br>
> </body>
> </html>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
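
Added example, not part of the original message: a forward-confirmed reverse DNS check of the kind the reply refers to, run against two authoritative servers where only one has received the registration for a per-connection address. All addresses, host names, server names and the in-memory record tables are constructed for illustration; each server's PTR and AAAA data are modelled as one table for brevity.

```python
import ipaddress

def ptr_name(addr):
    """Owner name of the PTR record for addr (ip6.arpa for IPv6)."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def fcrdns_ok(addr, view):
    """Forward-confirmed reverse DNS against one server's data.

    view maps (owner name, record type) -> list of record values.
    The address passes only if a PTR exists AND the name it points to
    has an AAAA record that maps back to the same address.
    """
    ip = ipaddress.ip_address(addr)
    for host in view.get((ptr_name(addr), "PTR"), []):
        forward = view.get((host, "AAAA"), [])
        if any(ipaddress.ip_address(a) == ip for a in forward):
            return True
    return False

def servers_accepting(addr, views):
    """Names of the authoritative servers whose data lets addr pass."""
    return [name for name, view in views.items() if fcrdns_ok(addr, view)]

# Constructed sample data (documentation prefix 2001:db8::/32).
STABLE = "2001:db8::10"                        # advertised, long-lived address
TRANSIENT = "2001:db8::a1b2:c3d4:e5f6:7788"    # fresh per-connection address
HOST = "client.example.net."

def make_view(addrs):
    """Build one server's records: AAAA for HOST plus a PTR per address."""
    view = {(HOST, "AAAA"): list(addrs)}
    for a in addrs:
        view[(ptr_name(a), "PTR")] = [HOST]
    return view

VIEWS = {
    "ns1": make_view([STABLE, TRANSIENT]),  # has the new registration
    "ns2": make_view([STABLE]),             # update not yet propagated
}

if __name__ == "__main__":
    for addr in (STABLE, TRANSIENT):
        print(addr, "passes on", servers_accepting(addr, VIEWS))
```

A service whose resolver happens to query ns2 rejects the connection from the transient address even though the registration was made, which is why the update has to reach every authoritative server before the address is usable.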
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.