Toward more sensible whitelisting

Dan Wing dwing at cisco.com
Tue Jun 14 03:54:32 CEST 2011


> -----Original Message-----
> From: ipv6-ops-bounces+dwing=cisco.com at lists.cluenet.de [mailto:ipv6-
> ops-bounces+dwing=cisco.com at lists.cluenet.de] On Behalf Of Phil
> Benchoff
> Sent: Monday, June 13, 2011 4:36 PM
> To: ipv6-ops at lists.cluenet.de
> Subject: Toward more sensible whitelisting
> 
> The really big content providers are pretty hesitant to add sites to
> their
> whitelist (if they even have one).  IPv6 testing primarily depends on
> users entering a special IPv6 URL which most people won't bother with
> and may not even know about.  I've been thinking there ought to be some
> ways to get users with working IPv6 to try the IPv6 version of a site
> without causing too much worry to the content providers.
> 
> There are several JavaScript tests of IPv6 connectivity.  Why not use
> one
> of them to inform a user he has working IPv6 and offer an easy way to
> switch to the IPv6 version of the site?

Separate namespaces (e.g., "ipv6.example.com") are bad.  That user,
who is using the IPv6 namespace, will eventually share content 
via email (cutting and pasting the URL) or on a social network via 
a "share on <social_network>" button.

But that shared content won't work with the other 99.mumble% of the 
Internet population, who are IPv4 only.  People will complain.  Users 
will be unhappy, including the IPv6-friendly user that opted into the
IPv6 website in the first place.   And IPv6 will be blamed -- afterall,
"ipv6" name will be right there in the URL (or "ip6", or whatever
that website chose).

-d

> Consider
> http://www.getipv6.info/index.php/Warning_broken_users_with_JavaScript.
> If you change the way you evaluate the results, you could have a popup
> tell
> the user he has working IPv6 and let him click a button to be forwarded
> to
> the IPv6 web site.  If a user goes to www.example.com and has working
> ipv6,
> he could be prompted to switch to www.ipv6.example.com.  The site
> operator
> could choose a popup, automatically forwarded the user, or present a
> dialog
> within the content of the site.  These all alter the user experience a
> bit, but they may be within the range of tolerable changes.
> 
> Personally, I'm all for adding an AAAA record and fixing the problems
> that
> show up.  There don't seem to be that many and there is always the
> option
> of removing the AAAA record if necessary.  That being said, I think it
> is necessary to work with the big content providers and try to find
> ways
> to address the things they are worried about.  I suspect the engineers
> working on IPv6 at those big content companies spend more time
> convincing
> others that it is reasonably safe to try a few things than they do
> actually
> fixing IPv6 issues.  Everyone involved in trying to move IPv6 forward
> knows there are broken things in all of the selective IPv6 availability
> scenarios.  The questions are which are the least broken and what new
> ones
> can we invent to move on?
> 
> The people on the content side of the equation need to understand that
> the average user isn't going to go out of his way to help them prove
> that
> IPv6 is viable.  The only users that will change their DNS resolver are
> the ones who already type the IPv6 URL.  Network operators with
> eyeballs
> are (probably) not going to bake you a cake or get an NIST
> certification
> that they really do IPv6.  You're going to have to pick the least sucky
> looking alternative and take some kind of leap.  If nothing else, start
> deploying some JavaScript to estimate how well things would work with
> IPv6
> and help the sites with unhappy eyeballs get things working.
> 
> I'm really hoping that an analysis of the numbers and experiences from
> IPv6 day show that it's really not so bad.
> 
> Phil




More information about the ipv6-ops mailing list