<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML con formato previo Car";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLconformatoprevioCar
{mso-style-name:"HTML con formato previo Car";
mso-style-priority:99;
mso-style-link:"HTML con formato previo";
font-family:"Consolas",serif;}
span.moz-txt-tag
{mso-style-name:moz-txt-tag;}
span.EstiloCorreo21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=ES link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>Hi Kai,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>Responses below, in-line.<o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;color:black'><br>Regards,<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:10.5pt;color:black;mso-fareast-language:EN-US'>Jordi<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:10.5pt;color:black;mso-fareast-language:EN-US'><o:p> </o:p></span></p></div><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='margin-left:35.4pt'><b><span style='font-size:12.0pt;color:black'>De: </span></b><span style='font-size:12.0pt;color:black'>address-policy-wg <address-policy-wg-bounces@ripe.net> en nombre de Kai 'wusel' Siering <wusel+ml@uu.org><br><b>Organización: </b>Unseen University, Department of Magic Mails<br><b>Fecha: </b>martes, 17 de abril de 2018, 23:24<br><b>Para: </b><address-policy-wg@ripe.net><br><b>Asunto: </b>Re: [address-policy-wg] 2018-02 New Policy Proposal (Assignment Clarification in IPv6 Policy)<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><a name="_MailOriginalBody">Moin,<br><br>am 17.04.2018 um 16:51 schrieb JORDI PALET MARTINEZ via address-policy-wg:<o:p></o:p></a></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'>I've also suggested the same text in the other 4 RIRs with equivalent policy proposal, because all them have the same problem.<o:p></o:p></span></pre></blockquote><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><br>From my point of view, if there's a policy that's sound and valid for other RIRs, they will adopt it over time. IF they struggle with similar issues (which I frankly don't know).<br><br><o:p></o:p></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>Yes, I can confirm that in the other RIRs policy there is the same sub-assignment text as we initially had, so same issues.<o:p></o:p></span></span></p><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><br><br><o:p></o:p></span></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'>The main point is to clarify the actual interpretation to make clear that it is allowed from up to a single /64, to use non-permanently, any number of addresses (not just a single one).<o:p></o:p></span></pre></blockquote><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><br>Above all, what exactly is unclear in "the actual interpretation" done by whom?<br><br><o:p></o:p></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>If you followed the previous discussion it was clear that actual policy text talks about a single address, but then the talks about /64 …<o:p></o:p></span></span></p><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><br><br><o:p></o:p></span></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'>2) Is not a sub-assignment up to a /64 if non-permanent. Example a device in a hot-spot, with use multiple addresses (example, VMs) from a single /64, or the same situation if an employee brings any kind of device to the enterprise WiFi or wired network.<o:p></o:p></span></pre></blockquote><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><br>With "in a hot-spot" you refer to WiFi? The "assignment" of a specific prefix for a specific WiFi in all practical setups will be a permanent one — no-one rotates the /64s on their WiFi APs every other week or even year. So, as we're on a clarifying mission, what constitutes a) a "permanent" and b) a "[sub-] assignment"?<br><br><o:p></o:p></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>You’re confused here I think. We are talking about the address that get the customer of the hotspot, so what you get when you connect to that WiFi accesspoint. The access point may get a single /64 or may be is a router and is getting /56 so it has many /64s available to provisioning to each “customers” as per RFC8273 (for example).<o:p></o:p></span></span></p><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><br>ripe-699 tried to ensure that RIPE NCC does not "misinterpret" third parties getting leases (or, in the SLAAC case, just grabbing the MAC-based address) from a PI assignment as a "[sub-] assignment" of said address space. </span></span><span style='mso-bookmark:_MailOriginalBody'>If the changed text actually will work as intended is yet to be seen — why the rush to change the policy text _again_?!<o:p></o:p></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>Because I don’t think it was a good change and I’d the option to appeal that or start a new proposal improving it.<o:p></o:p></span></span></p><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><br>It's my strong believe that adding more wording about what use isn't considered as a "[sub-] assignment" will only lead to more edge cases and more vague applications. <o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>I think in the other way around, we are making it clearer.<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><o:p> </o:p></span></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>This means that I'm excluding the case of a data center allocating <span class=moz-txt-tag><b>*</b></span><b>permanent<span class=moz-txt-tag>*</span></b> /64 to server interfaces (non-permanent will be ok). </span>Remember that <o:p></o:p></span></pre></blockquote><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><br>I'm not a datacenter, but I run stuff in datacenters. Are you intending to forbid this use case? Are you actively trying to make PIv6 go away completely by disallowing any practical use?<br><br><o:p></o:p></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>No, this is not my intent. I’m asking the WG what they think on this (and I stated that my view may be wrong).<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><o:p> </o:p></span></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>this is for PI, and my personal opinion on this is that, a datacenter, should be an LIR, so using PA.<o:p></o:p></span></span></pre></blockquote><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><br></span></span><span style='mso-bookmark:_MailOriginalBody'>A datacenter is a datacenter, an ISP is an ISP, and an End User is an End User; none of these are forced to become a LIR. Actually, PI, Provider Independent address space, can make much sense for an independent datacenter operator to run their infrastructure with — as well as for an ambitious End User.<br><br><o:p></o:p></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>Let’s see if the WG has that view as well. This is why I’m asking.<o:p></o:p></span></span></p><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><br>If an End User becomes an ISP, they still may use their PI address space for their infrastructure. </span></span><span style='mso-bookmark:_MailOriginalBody'>The same applies to an End User or ISP who becomes a LIR ... Please remember: »LIRs are generally ISPs whose customers are primarily End Users and possibly other ISPs.« It's not: »Any ISP must be a LIR in order to assign address space to their end users.« It's neither: »Anyone in need of IPv6 address space must become an LIR.«<br><br>But let's review the suggested new policy text: »[…] The fact that a unique address or even a unique /64 prefix is non-permanently provided to third parties, on a link operated by the original receiver of the assignment, shall not be considered a sub-assignment.«<br><br>So, if I, as the assignment holder of PIv6 space, allocate a /64 for any of my family member's devices (e. g. a /64 for my gear, a /64 for my wife's and each kid's devices) for accountability (that is: legal) reasons, that's sub-assigning (again)? After all, it's my infra they use.<br><br><o:p></o:p></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>With previous policy that was not possible. With actual policy if it is a single address is possible. With my proposal, /64 is possible.<o:p></o:p></span></span></p><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><br>Is a tunnel over my DSL line to a friend a »link operated« by me or my friend or my or his access provider? </span></span><span style='mso-bookmark:_MailOriginalBody'>We would use <assigned-prefix>:<day>::/64 for it, so it's definately not »permanently provided«.<br><br><o:p></o:p></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>There always ways to trick every policy, you don’t think so?<o:p></o:p></span></span></p><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><br>»This includes, for example, guests or employees (devices or servers), hotspots, and point-to-point links or VPNs.«<br><br>VPN- and P2P-links are usually configured via static, hence »permanent«, addresses, this contradicts what was stated before.<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><o:p> </o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>I don’t think so, typically VPNs you have a pool of addresses for “all the VPN customers”. It can be the other way around, and of course it can be an “always-on” VPN. For me that is a point-to-point actually (it is a permanent link).<o:p></o:p></span></span></p><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><br>»The provision of addressing for permanent connectivity or broadband services is still considered a sub-assignment. </span></span><span style='mso-bookmark:_MailOriginalBody'>Only the addressing of the point-to-point link itself can be permanent and that addressing can't be used (neither directly or indirectly) for the actual communication.«<br><br>How is traffic going over »the point-to-point link« (which, actually?) not »indirectly« making use of the »addressing« of that link »for the actual communication«? Without addresses, there would be no link, would there?<br><br><br><br>As I said, the more fine-grained the policy text, the more issues you get, the less clear the policy becomes. </span><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>Therefore I object this proposal.<br><br><o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>I suggested in a previous email a more open text, to avoid going into too much fine-grained text.<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><o:p> </o:p></span></span></p><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>I'm really puzzled why no-one is aiming to simply amend »7. </span></span><span style='mso-bookmark:_MailOriginalBody'>IPv6 Provider Independent (PI) Assignments« by something along »PIv6 is not to be used as ›PA lite‹; use of PIv6 should be centered running assignment holder's infrastructure, not as a means to provide ISP services to end users.« To me, that's the bottom line regarding the intended use of PIv6 space.<br><br><o:p></o:p></span></p><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>This was one of my first suggestions when Max started this work. Then I was convinced by the community that we should allow this …<o:p></o:p></span></span></p><p class=MsoNormal style='margin-left:35.4pt'><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><br>Regards,<br>-kai<br><br>FTR: </span></span><span style='mso-bookmark:_MailOriginalBody'></span><a href="https://www.ripe.net/participate/2016-04#impact-analysis"><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>https://www.ripe.net/participate/2016-04#impact-analysis</span></span><span style='mso-bookmark:_MailOriginalBody'></span></a><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US> gives an 404 in </span></span><span style='mso-bookmark:_MailOriginalBody'></span><a href="https://www.ripe.net/participate/policies/proposals/2018-02"><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>https://www.ripe.net/participate/policies/proposals/2018-02</span></span><span style='mso-bookmark:_MailOriginalBody'></span></a><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>, proper link address seems to be </span></span><span style='mso-bookmark:_MailOriginalBody'></span><a href="https://www.ripe.net/participate/policies/proposals/2016-04#impact-analysis"><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US>https://www.ripe.net/participate/policies/proposals/2016-04#impact-analysis</span></span><span style='mso-bookmark:_MailOriginalBody'></span></a><span style='mso-bookmark:_MailOriginalBody'><span lang=EN-US><br><br><br></span></span><span lang=EN-US><o:p></o:p></span></p></div><br>**********************************************<br>
IPv4 is over<br>
Are you ready for the new Internet ?<br>
http://www.consulintel.es<br>
The IPv6 Company<br>
<br>
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.<br>
<br>
</body></html>