Toward more sensible whitelisting

Cameron Byrne cb.list6 at gmail.com
Tue Jun 14 04:08:09 CEST 2011


On Jun 13, 2011 6:54 PM, "Dan Wing" <dwing at cisco.com> wrote:
>
> > -----Original Message-----
> > From: ipv6-ops-bounces+dwing=cisco.com at lists.cluenet.de [mailto:ipv6-
> > ops-bounces+dwing=cisco.com at lists.cluenet.de] On Behalf Of Phil
> > Benchoff
> > Sent: Monday, June 13, 2011 4:36 PM
> > To: ipv6-ops at lists.cluenet.de
> > Subject: Toward more sensible whitelisting
> >
> > The really big content providers are pretty hesitant to add sites to
> > their
> > whitelist (if they even have one).  IPv6 testing primarily depends on
> > users entering a special IPv6 URL which most people won't bother with
> > and may not even know about.  I've been thinking there ought to be some
> > ways to get users with working IPv6 to try the IPv6 version of a site
> > without causing too much worry to the content providers.
> >
> > There are several JavaScript tests of IPv6 connectivity.  Why not use
> > one
> > of them to inform a user he has working IPv6 and offer an easy way to
> > switch to the IPv6 version of the site?
>
> Separate namespaces (e.g., "ipv6.example.com") are bad.  That user,
> who is using the IPv6 namespace, will eventually share content
> via email (cutting and pasting the URL) or on a social network via
> a "share on <social_network>" button.
>
> But that shared content won't work with the other 99.mumble% of the
> Internet population, who are IPv4 only.  People will complain.  Users
> will be unhappy, including the IPv6-friendly user that opted into the
> IPv6 website in the first place.   And IPv6 will be blamed -- afterall,
> "ipv6" name will be right there in the URL (or "ip6", or whatever
> that website chose).
>

Agreed, not ideal. But, could a browser not abstract away this issue to best
fit a host? DNS? Naptr?

I personally only use ipv6.blah in my bookmarks for CNN, Facebook, Google,
Cisco ... but I am not a usual user that prefers to be af agnostic.
Nonetheless, this is an evolving behavior.  If I ran a nat64 network, would
it not behoove me to seed these book marks with ipv6 names on user device
and my customer portal?

Cb

> -d
>
> > Consider
> > http://www.getipv6.info/index.php/Warning_broken_users_with_JavaScript.
> > If you change the way you evaluate the results, you could have a popup
> > tell
> > the user he has working IPv6 and let him click a button to be forwarded
> > to
> > the IPv6 web site.  If a user goes to www.example.com and has working
> > ipv6,
> > he could be prompted to switch to www.ipv6.example.com.  The site
> > operator
> > could choose a popup, automatically forwarded the user, or present a
> > dialog
> > within the content of the site.  These all alter the user experience a
> > bit, but they may be within the range of tolerable changes.
> >
> > Personally, I'm all for adding an AAAA record and fixing the problems
> > that
> > show up.  There don't seem to be that many and there is always the
> > option
> > of removing the AAAA record if necessary.  That being said, I think it
> > is necessary to work with the big content providers and try to find
> > ways
> > to address the things they are worried about.  I suspect the engineers
> > working on IPv6 at those big content companies spend more time
> > convincing
> > others that it is reasonably safe to try a few things than they do
> > actually
> > fixing IPv6 issues.  Everyone involved in trying to move IPv6 forward
> > knows there are broken things in all of the selective IPv6 availability
> > scenarios.  The questions are which are the least broken and what new
> > ones
> > can we invent to move on?
> >
> > The people on the content side of the equation need to understand that
> > the average user isn't going to go out of his way to help them prove
> > that
> > IPv6 is viable.  The only users that will change their DNS resolver are
> > the ones who already type the IPv6 URL.  Network operators with
> > eyeballs
> > are (probably) not going to bake you a cake or get an NIST
> > certification
> > that they really do IPv6.  You're going to have to pick the least sucky
> > looking alternative and take some kind of leap.  If nothing else, start
> > deploying some JavaScript to estimate how well things would work with
> > IPv6
> > and help the sites with unhappy eyeballs get things working.
> >
> > I'm really hoping that an analysis of the numbers and experiences from
> > IPv6 day show that it's really not so bad.
> >
> > Phil
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20110613/f7dda01e/attachment.htm>


More information about the ipv6-ops mailing list