Re: Review of: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-03

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, May 02, 2011 at 01:08:38PM -0400, John Leslie wrote:
>    As I read it, this says that certain DNS servers will be configured
> to _not_ return AAAA records to AAAA queries by default.

Yes, that's what the trick does.

>    This strikes me as a really-strange transition mechanism.

Indeed.

The draft is, IMO, a little too diplomatic to say it, but what this
really comes down to is a boneheaded put-spackle-over-it answer to the
problem of previous failed transition mechanisms.

There are eyeballs out there in front of screens.  Those are the
things the content providers want to reach.

Some percentage of those eyeballs are looking at screens with bad or
misconfigured IPv6 connectivity.  But because they don't know that,
they'll ask for AAAA records in their DNS lookups, because they think
they have IPv6 connecitivity.

What the "whitelisting" (scare quotes to address Dave's objection)
trick does is refuse to answer those AAAA queries unless the operator
of the answering server has positive evidence to believe that the AAAA
query is coming from a well-run IPv6 network.  If not, the AAAA is
suppressed.  This causes the AAAA lookups to fail, which causes the
bits to flow via IPv4.  The bits get to the eyeballs, and the content
provider is happy.

That this is a completely unscalable answer to the problem that a tiny
percentage of computers on the Internet are misconfigured is something
the people pushing this "whitelisting" acknowledge.  They're going to
jump off that bridge when they get to it.  Right now, there's hardly
any IPv6 penetration, they say, so they can handle it.

I think that this sort of "whitelisting" is, to be blunt,
short-sighted and foolish, but I think it is better to have a document
that at least explains what it is.  If we had a WCP series, I'd
nominate this for inclusion.

A

-- 
Andrew Sullivan
ajs@xxxxxxxxxxxx
Shinkuro, Inc.
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]