[prev in list] [next in list] [prev in thread] [next in thread]
List: namedroppers
Subject: RE: [dhcwg] Re: WG last call on draft-ietf-dhc-dhcpv6-opt-dnsconf
From: "Bernie Volz (EUD)" <Bernie.Volz () am1 ! ericsson ! se>
Date: 2003-02-24 19:33:27
[Download RAW message or body]
Isn't it possible for the DHCPv6 server to return IPv4 addresses as per
RFC 2373, section 2.5.4 (IPv6 Addresses with Embedded IPv4 Addresses),
in particular:
A second type of IPv6 address which holds an embedded IPv4 address is
also defined. This address is used to represent the addresses of
IPv4-only nodes (those that *do not* support IPv6) as IPv6 addresses.
This type of address is termed an "IPv4-mapped IPv6 address" and has
the format:
| 80 bits | 16 | 32 bits |
+--------------------------------------+--------------------------+
|0000..............................0000|FFFF| IPv4 address |
+--------------------------------------+----+---------------------+
- Bernie
-----Original Message-----
From: Ralph Droms [mailto:rdroms@cisco.com]
Sent: Monday, February 24, 2003 12:43 PM
To: dhcwg@ietf.org; ipng@sunroof.eng.sun.com; namedroppers@ops.ietf.org
Subject: Re: [dhcwg] Re: WG last call on
draft-ietf-dhc-dhcpv6-opt-dnsconfig-02.txt
Summary of discussion during WG last call on
draft-ietf-dhc-dhcpv6-opt-dnsconfig-02.txt
Pekka Savola, Tony Lindstrom, Bernie Volz and Peter Koch all responded with
editorial suggestions. These suggestions have been incorporated into the
draft and will appear in next published rev.
Peter Koch and Rob Austein commented on the "Security Considerations";
specifically, whether DNSSEC can prevent problems caused by a search list
supplied as part of an attack by a DHCP server. Based on Rob's argument
(and assuming I understood Rob correctly) that DNSSEC can guarantee that a
host can trust the replies it receives, but DNSSEC can't guarantee that the
host has asked the right question based on its search list, I'm inclined to
leave the text in question unchanged.
Alain Durand raised the issue of supplying both IPv4 and IPv6 addresses for
DNS resolvers in the DNS server option. I judged the rough consensus in
the responses to be that restricting the DNS server option to return only
IPv6 addresses is acceptable.
- Ralph
_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2656.60">
<TITLE>RE: [dhcwg] Re: WG last call on \
draft-ietf-dhc-dhcpv6-opt-dnsconfig-02.txt</TITLE> </HEAD>
<BODY>
<P><FONT SIZE=2>Isn't it possible for the DHCPv6 server to return IPv4 addresses as \
per</FONT> <BR><FONT SIZE=2>RFC 2373, section 2.5.4 (IPv6 Addresses with Embedded \
IPv4 Addresses),</FONT> <BR><FONT SIZE=2>in particular:</FONT>
</P>
<P><FONT SIZE=2> A second type of IPv6 address which holds an embedded \
IPv4 address is</FONT> <BR><FONT SIZE=2> also defined. This address \
is used to represent the addresses of</FONT> <BR><FONT SIZE=2> IPv4-only \
nodes (those that *do not* support IPv6) as IPv6 addresses.</FONT> <BR><FONT \
SIZE=2> This type of address is termed an "IPv4-mapped IPv6 \
address" and has</FONT> <BR><FONT SIZE=2> the format:</FONT>
</P>
<P><FONT SIZE=2> \
| \
80 bits \
| 16 | 32 \
bits |</FONT> <BR><FONT SIZE=2> \
+--------------------------------------+--------------------------+</FONT> <BR><FONT \
SIZE=2> |0000..............................0000|FFFF| \
IPv4 address |</FONT> <BR><FONT SIZE=2> \
+--------------------------------------+----+---------------------+</FONT> </P>
<P><FONT SIZE=2>- Bernie</FONT>
</P>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Ralph Droms [<A \
HREF="mailto:rdroms@cisco.com">mailto:rdroms@cisco.com</A>]</FONT> <BR><FONT \
SIZE=2>Sent: Monday, February 24, 2003 12:43 PM</FONT> <BR><FONT SIZE=2>To: \
dhcwg@ietf.org; ipng@sunroof.eng.sun.com; namedroppers@ops.ietf.org</FONT> <BR><FONT \
SIZE=2>Subject: Re: [dhcwg] Re: WG last call on</FONT> <BR><FONT \
SIZE=2>draft-ietf-dhc-dhcpv6-opt-dnsconfig-02.txt</FONT> </P>
<BR>
<P><FONT SIZE=2>Summary of discussion during WG last call on </FONT>
<BR><FONT SIZE=2>draft-ietf-dhc-dhcpv6-opt-dnsconfig-02.txt</FONT>
</P>
<P><FONT SIZE=2>Pekka Savola, Tony Lindstrom, Bernie Volz and Peter Koch all \
responded with </FONT> <BR><FONT SIZE=2>editorial suggestions. These \
suggestions have been incorporated into the </FONT> <BR><FONT SIZE=2>draft and will \
appear in next published rev.</FONT> </P>
<P><FONT SIZE=2>Peter Koch and Rob Austein commented on the "Security \
Considerations"; </FONT> <BR><FONT SIZE=2>specifically, whether DNSSEC can \
prevent problems caused by a search list </FONT> <BR><FONT SIZE=2>supplied as part of \
an attack by a DHCP server. Based on Rob's argument </FONT> <BR><FONT \
SIZE=2>(and assuming I understood Rob correctly) that DNSSEC can guarantee that a \
</FONT> <BR><FONT SIZE=2>host can trust the replies it receives, but DNSSEC can't \
guarantee that the </FONT> <BR><FONT SIZE=2>host has asked the right question based \
on its search list, I'm inclined to </FONT> <BR><FONT SIZE=2>leave the text in \
question unchanged.</FONT> </P>
<P><FONT SIZE=2>Alain Durand raised the issue of supplying both IPv4 and IPv6 \
addresses for </FONT> <BR><FONT SIZE=2>DNS resolvers in the DNS server option. \
I judged the rough consensus in </FONT> <BR><FONT SIZE=2>the responses to be that \
restricting the DNS server option to return only </FONT> <BR><FONT SIZE=2>IPv6 \
addresses is acceptable.</FONT> </P>
<P><FONT SIZE=2>- Ralph</FONT>
</P>
<BR>
<P><FONT SIZE=2>_______________________________________________</FONT>
<BR><FONT SIZE=2>dhcwg mailing list</FONT>
<BR><FONT SIZE=2>dhcwg@ietf.org</FONT>
<BR><FONT SIZE=2><A HREF="https://www1.ietf.org/mailman/listinfo/dhcwg" \
TARGET="_blank">https://www1.ietf.org/mailman/listinfo/dhcwg</A></FONT> </P>
</BODY>
</HTML>
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic