[6bone] Request: two 6bone pTLAs
Iljitsch van Beijnum
iljitsch at muada.com
Sun May 9 14:01:43 PDT 2004
On 9-mei-04, at 21:16, Lars-Johan Liman wrote:
> While I recognize that automagically finding resolvers can be quite
> important, I think that WKAs have already been proven to be not a dead
> end, but a velodrome from which you cannot escape, and where you just
> have to pedal faster and faster.
Do you have any pointers for this?
> 1) A client system shouldn't spew packets (DNS or other) on any other
> host, without local configuration to make it do so - preferably
> through a local configurations service such as DHCP.
Why do you feel so strongly about this?
I would be perfectly fine with stipulating that these addresses
shouldn't be hardcoded by vendors, but rather specifically configured
by end-users or their system administrators. Since these addresses will
disappear in 2 years, hardcoding them would be counterproductive
anyway.
> I really dislike a system where I or my ISP can be forced into
> starting an anycast instance just to balance the traffic and make
> sure that the service to the "local" clients is up to standard.
I don't see how you would be forced to start an anycast service. And if
you were so forced, this means there is no uptake of a "real" DNS
resolver discovery mechanism, so the alternative would be that users
either have no resolvers, or have to find them manually. Both seem
infinitely worse than any inconvenience caused by the well-known
addresses.
> Things shouldn't be turned "on" by default on the Internet, they
> should be turned "off". Otherwise you stand the risk of ending up
> like Windows, where every bell and whistle is turned on by default
> - open for each and every cracker to take advantage
> of. Automagically having them turned "on" also puts you in an
> awkward position from a legal standpoint:
> E.g., in court:
> Party1: "You keep bombarding me with traffic!"
> Party2: "I haven't turned on anything such, so it can't be my
> fault!"
I'm sorry, I don't find this argument convincing.
> 2) Locking these well known addresses into systems is likely to cement
> the use of 6bone addresses in a way that we *REALLY* don't want
> to.
3ffe::/16 is going to be unusable anyway for years to come because of
stray configuration that has to be cleaned up. And it's not like we're
running out of IPv6 address space any time soon...
> 3) I think it opens up a Pandora's box of security issues that I, for
> one, don't want to touch even with my thickest gloves.
Like what?
> DHCP is the way to go. It's there, it works, it's been proven to fit
> into really small appliances.
Do you REALLY want to get into this on this list?
Even if for the sake of argument it would be a good idea to run DHCP
everywhere (which it isn't), then we still have the problem that some
significant operating systems currently don't support it and don't allow
the user to add such support easily.
Please understand that this is an experiment. It won't break the
internet.