N ATIONAL E NGINEERING & T ECHNICAL O PERATIONS IETF 81 v6ops Meeting IPv6 DNS Whitelisting.

Slides:

Advertisements

Similar presentations

Experimental Internet Resource Allocations Philip Smith, Geoff Huston September 2002.

Advertisements

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

Accessing and Using the e-Book Collection from EBSCOhost ® When an arrow appears, click to proceed to the next slide at your own pace. To go back, click.

IEP Amendment Podcast Script Shirley Young, Consultant, OSE-EIS January 13,

NAT64 Operational Experiences draft-chen-v6ops-nat64-experience-03 IETF 84- Vancouver, Aug 2012 Gang Chen China Mobile Zhen Cao China Mobile Cameron Byrne.

[Title of meeting] [Name of sponsor] [Date] For guidance on working with PowerPoint and reformatting slides, click on Help, then Microsoft PowerPoint Help,

60 Recommended Draft Policy ARIN Anti-hijack Policy.

WG RAQMON Internet-Drafts RMON MIB WG Meeting Washington, Nov. 11, 2004.

Draft-campbell-dime-load- considerations-01 IETF 92 DIME Working Group Meeting Dallas, Texas.

Draft Policy ARIN Resolve Conflict Between RSA and 8.2 Utilization Requirements.

Zone Properties. Zone Properties Continued Aging allows zone to remove “stale” or “old” records for clients who have not updated within a certain period.

QuickStart User Guide: January 2008 How to use QuickStart with WileyPLUS!

TX SET Update to RMS Wednesday, October 10, 2007.

Using DHCPv6 for DNS Configuration in Hosts draft-ietf-droms-dnsconfig-dhcpv6-00.txt Ralph Droms.

Dime WG Status Update IETF#81, THURSDAY, July 28, Afternoon Session I.

Recommendations of Unique Local Addresses Usages draft-ietf-v6ops-ula-usage-recommendations-02 draft-ietf-v6ops-ula-usage-recommendations-02 Bing Liu(speaker),

IPv6 Operational Guidelines for Datacenters draft-lopez-v6ops-dc-ipv6 IETF85 – v6ops Diego R. Lopez - Telefónica

Policies by FQDN WatchGuard Training.

July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna

SIEVE Mail Filtering WG IETF 69, Chicago WG Chairs: Cyrus Daboo, Alexey Melnikov Mailing List: Jabber:

ARIN Section 4.10 Austerity Policy Update.

Dime WG Status Update IETF#80, 1-April Agenda overview Agenda bashing WG status update Active drafts Recently expired IESG processing Current milestones.

1 Content-Aware Device Benchmarking Methodology/Terminology (draft-ietf-bmwg-ca-bench-meth-00) BMWG Meeting IETF-82 Taipei November 2011 Mike Hamilton.

1 ARIN’s Policy Development Process Current Number Resource Policy Discussions and How to Participate Dan Alexander ARIN Advisory Council.

Draft-barnes-geopriv-policy-uri. -03 (err… -02) We updated the draft (-02) in early September – … and forgot to post it We updated it again (-03) right.

Enterprise IPv6 Transition Analysis IETF 62 IPv6 Operations Working Group March 7-11, 2005 Minneapolis, MN Presenter Jim Bound Jim Bound (Editor), Yanick.

Device Reset Characterization draft-ietf-bmwg-reset-02 Rajiv Asati Carlos Pignataro Fernando Calabria Cesar Olvera Presented by Andrew.

WG Document Status 192nd IETF TEAS Working Group.

Multiple Interfaces (MIF) WG IETF 79, Beijing, China Margaret Wasserman Hui Deng

6to4 Historic A review of the history of the discussion, in part in response to Keith Moore’s appeal.

Draft-ietf-fecframe-config-signaling-02 1 FEC framework Configuration Signaling draft-ietf-fecframe-config-signaling-02.txt IETF 76 Rajiv Asati.

V6OPS WG – IETF #85 IPv6 for 3GPP Cellular Hosts draft-korhonen-v6ops-rfc3316bis-00 Jouni Korhonen, Jari Arkko, Teemu Savolainen, Suresh Krishnan.

IETF-90 (Toronto) DHC WG Meeting Wednesday, July 23, GMT IETF-90 DHC WG1 Last Updated: 07/21/ :10 EDT.

KMIP Support for PGP Things to take out Things to put in.

Draft Policy ARIN : Remove NRPM section 7.1.

ARIN Update Aaron Hughes ARIN Board of Trustees Focus Increased focus on customer service – Based on feedback and survey Continued IPv4 to IPv6.

How to write a useful abstract By Janis Ramey Report by Heidi Christensen.

Brought to you by powerpointpros.com The Writing Process.

Balanced Security for IPv6 CPE draft-ietf-v6ops-balanced-ipv6-security-01 IETF89 London M. Gysi, G. Leclanche, E. Vyncke, R. Anfinsen.

/ Jonne Soininen v6ops-3GPP Design Team IETF#55, v6ops wg Atlanta, USA Jonne Soininen / Juha Wiljakka

Draft-ietf-sidr-roa-format draft-ietf-sidr-arch Matt Lepinski BBN Technologies.

NEMO Basic Support update IETF 61. Status IANA assignments done Very close to AUTH48 call Some issues raised recently We need to figure out if we want.

RPKI Certificate Policy Status Update Stephen Kent.

BSR Spec Status BSR Spec authors 03/06. Status ID refreshed (now rev-07) Resolved remaining issues we had on our list Updated to reflect WG

Draft-ietf-pim-port-03 wglc. WGLC responses Thomas suggested a long list of changes, mostly editorial –I believe I addressed all Dimitri also had comments.

DHCP-DNS Interaction Bernie Volz IETF-61, DHC WG.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: IETF Liaison Report Date Submitted: May 14, 2009 Presented at IEEE session.

1 IETF-70 draft-akhter-bmwg-mpls-meth MPLS Benchmarking Methodology draft-akhter-bmwg-mpls-meth-03 IETF 70 Aamer Akhter / Rajiv Asati /

IETF 80: NETEXT Working Group – Logical Interface Support for IP Hosts 1 Logical Interface Support for IP Hosts Telemaco Melia, Sri Gundavelli, Carlos.

IPFIX Requirements: Document Changes and New Issues Raised Jürgen Quittek, NEC Benoit Claise, Cisco Tanja Zseby, Sebstian Zander, FhG FOKUS.

IETF 81 th Rapid Transition of IPv4 contents to be IPv6-accessible draft-sunq-v6ops-contents-transition-02 Q. Sun, C. Xie, Q. Liu, X. Li, J. Qin and D.

PMIPv6 multicast handover optimization by the Subscription Information Acquisition through the LMA (SIAL) Luis M. Contreras Telefónica I+D Carlos J. Bernardos.

December 4th, ng WG, IETF701 Junghoon Jee, ETRI IP over Problem Statement and Goals draft-ietf-16ng-ps-goals-03.

IPv6 Node Information Queries Update Bob Hinden Vienna IETF.

Recommended Draft Policy ARIN

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

IETF 86 Orlando MBONED.

Nancy Cam-Winget June 2015 SACM Requirements Nancy Cam-Winget June 2015.

Title Goes Here Name (s), Organization, CEOS Affiliation CEOS SIT-33

File Stream and Team Drives

Migration-Issues-xx Where it’s been and might be going

Recommended Draft Policy ARIN : Post-IPv4-Free-Pool-Depletion Transfer Policy Staff Introduction.

David Noveck IETF99 at Prague July 20, 2017

Pancreas Program Functional Inactivity

PowerChart Overview Tab New Feature for Physicians

AHT Title Goes Here Name (s), Organization, CEOS Affiliation

Experimental Internet Resource Allocations

Community-Engaged Partnership Database: VCU’s Commitment to Community Engagement

Update for “Multicast Considerations over IEEE 802 Wireless Media”

Interoperabilty Cipher Suites

Presentation transcript:

N ATIONAL E NGINEERING & T ECHNICAL O PERATIONS IETF 81 v6ops Meeting IPv6 DNS Whitelisting

DNS Whitelisting I-D: draft-ietf-v6ops-v6-aaaa-whitelisting-implications-06draft-ietf-v6ops-v6-aaaa-whitelisting-implications-06 Updated since WGLC based on changes requested in IESG review These included reorganizing some sections of the document and making other changes As a result, it is appropriate to bring this back to the WG for review There are a few open questions for the WG to resolve (see the following slides) 2

Section 2 & 5.1 – Universal Deployment Universal deployment is mentioned as an possible was of deploying, in addition to ad hoc. However, the document makes clear universal deployment is unlikely. One IESG member requested text in 5.1 that this is “harmful” but another IESG member took issue with that. Options: – Leave universal as a possible option but work with the IESG to come up with more agreeable text. – Remove Section 5.1 and only say that universal deployment, while possible, is so unlikely that it is not explored in the I-D (as a minor update to the relevant paragraph in Section 2). – …or something else? 3

Section 3.2 – Similarities to DNS Load Balancing This section currently contains text that includes this sentence: – However, what is different is that in this case the resolvers are not deliberately blocked from receiving DNS responses containing an entire class of addresses; this load balancing function strives to perform a content location-improvement function and not an access control function. Concerns have been raised regarding this text. What would the WG like to do? – Keep it as-is – Delete the sentence – …something else? 4

Section 4 – Motivations Volume-based concerns (recently added, Section 4.1) and IPv6-related impairments (Section 4.2) are listed. – This is an important section as it makes clear that this is not just about IPv6- reated impairment.  Volume  And the stability & process/procedure/monitoring maturity that follows from volume over time – Is this addition okay? Are there more major categories to add? Section 4.3 was added at the suggestion of someone at an implementer (Free vs. Subscription Services) – Keep as-is – Modify – Remove 5

Section 5.3 – Do Not Implement Whitelisting Variations Philip Homburg suggests adding a new section, 5.3.X, to describe the option of returning AAAA RRs at some periodic or random interval, increase over time, to gradually ramp up IPv6 traffic. – Add this? – Or do not add this? For implementers, do the updates to 5.3.2, Gain Experience Using IPv6 Transition Names, better note the relatively limited value of this tactic? (which ties to Section 4.1, volume-based concerns) 6

Section 8 – Is this recommended? The text here was updated to try to reflect a more balanced view of the practice. For implementers (and others), does this section look okay? – Leave as-is – Modify in some way (specific suggestions needed) 7

One Last Question Describing whitelisting as a form of “Access Control” has raised some concerns. – Is a whitelist a sort of access control list (a list controlling access to certain DNS resource records)? – If not, what is it? Options: – Leave as-is when “access control” is mentioned anywhere in the I-D – Change to:  policy control  DNS response control  authoritative DNS control  DNS control  … or something else? 8

N ATIONAL E NGINEERING & T ECHNICAL O PERATIONS Thank You!