Toward more sensible whitelisting
Brian E Carpenter
brian.e.carpenter at gmail.com
Tue Jun 14 03:50:12 CEST 2011
What are the causes of poor behaviour for IPv6-enabled users
in addition to 6to4 anycast brokenness?
We know how to tackle the 6to4 case*; we should figure out the
other cases. Then the whole whitelisting issue goes away.
*draft-ietf-v6ops-6to4-advisory, which includes specific suggestions
for content providers (which also apply to CDNs).
On 2011-06-14 11:36, Phil Benchoff wrote:
> The really big content providers are pretty hesitant to add sites to their
> whitelist (if they even have one). IPv6 testing primarily depends on
> users entering a special IPv6 URL which most people won't bother with
> and may not even know about. I've been thinking there ought to be some
> ways to get users with working IPv6 to try the IPv6 version of a site
> without causing too much worry to the content providers.
> of them to inform a user he has working IPv6 and offer an easy way to
> switch to the IPv6 version of the site?
> If you change the way you evaluate the results, you could have a popup tell
> the user he has working IPv6 and let him click a button to be forwarded to
> the IPv6 web site. If a user goes to www.example.com and has working ipv6,
> he could be prompted to switch to www.ipv6.example.com. The site operator
> could choose a popup, automatically forwarded the user, or present a dialog
> within the content of the site. These all alter the user experience a
> bit, but they may be within the range of tolerable changes.
> Personally, I'm all for adding an AAAA record and fixing the problems that
> show up. There don't seem to be that many and there is always the option
> of removing the AAAA record if necessary. That being said, I think it
> is necessary to work with the big content providers and try to find ways
> to address the things they are worried about. I suspect the engineers
> working on IPv6 at those big content companies spend more time convincing
> others that it is reasonably safe to try a few things than they do actually
> fixing IPv6 issues. Everyone involved in trying to move IPv6 forward
> knows there are broken things in all of the selective IPv6 availability
> scenarios. The questions are which are the least broken and what new ones
> can we invent to move on?
> The people on the content side of the equation need to understand that
> the average user isn't going to go out of his way to help them prove that
> IPv6 is viable. The only users that will change their DNS resolver are
> the ones who already type the IPv6 URL. Network operators with eyeballs
> are (probably) not going to bake you a cake or get an NIST certification
> that they really do IPv6. You're going to have to pick the least sucky
> looking alternative and take some kind of leap. If nothing else, start
> and help the sites with unhappy eyeballs get things working.
> I'm really hoping that an analysis of the numbers and experiences from
> IPv6 day show that it's really not so bad.
More information about the ipv6-ops