ARIN-PPML Message

[arin-ppml] Opposed to 2010-9 and 2010-12

In message <AANLkTim5cKtxyu211p2st0gC+E94DxukXG4FusqDLe21 at mail.gmail.com>,
William Herrin writes:
> On Wed, Oct 13, 2010 at 8:31 PM, Mark Andrews <marka at isc.org> wrote:
> > In message <AANLkTi=obst=A-mt35+gKTvpgRgLfCxjWm1izBbOihXc at mail.gmail.com>,
> > William Herrin writes:
> >> Go build me a distribution protocol so I can configure the 6rd
> >> translations in just one place (like I do for routes) and expect them
> >> to dynamically propagate to all of my v6/v4 borders. Then we'll talk
> >> about equivalence of effort.
> >
> > I could design it in about 10 minutes as could just about anyone
> > on this list.
> >
> > telnet 6rd-prefix-server 6rd-prefix-port | import-6rd-table
> >
> > Prefix count <4 octets>.
> > 6rdPrefix (16 octets) | IPv4MaskLen (1 octet) | 6rdPrefixLen (1 octet)
> 
> Mark,
> 
> Telnet? Seriously? I had planned to respond to the set-up with "ssh to
> the cli is a very bad distribution protocol," but telnet? I see you're
> from ISC so you must be a smart guy, but what rock have you been
> living under?

Conceptually telnet is all that is needed.  There are lots of ways
to secure this.  If you need me to specify one then a client cert
and ssl would work.  Or you could use HMACMD5 with a shared key or
...  Ask your 6rd border vendor which method they would prefer.

You have the data payload and I'm quite sure that one could support
half a dozen different security wrappers on the distribution server.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
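
Added example (not part of the message above and not ISC code): a Python parser for the table layout sketched in the message, wrapped in a shared-key HMAC. Assumptions: network byte order, the tag appended after the last record, HMAC-SHA256 swapped in for the HMAC-MD5 the message mentions, and hypothetical function names.

```python
import hashlib
import hmac
import ipaddress
import struct

RECORD = struct.Struct("!16sBB")  # 6rdPrefix | IPv4MaskLen | 6rdPrefixLen
TAG_LEN = 32                      # HMAC-SHA256 tag, appended (assumed framing)


def seal(body, key):
    """Append the HMAC tag to a serialized table."""
    return body + hmac.new(key, body, hashlib.sha256).digest()


def encode_table(entries, key):
    """Serialize (ipv6_prefix, ipv4_mask_len) pairs: 4-octet count, then records."""
    body = struct.pack("!I", len(entries))
    for prefix, v4mask in entries:
        net = ipaddress.IPv6Network(prefix)
        body += RECORD.pack(net.network_address.packed, v4mask, net.prefixlen)
    return seal(body, key)


def import_6rd_table(blob, key):
    """Authenticate, then parse. Raises ValueError on any malformed input."""
    if len(blob) < 4 + TAG_LEN:
        raise ValueError("message too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("HMAC mismatch")
    (count,) = struct.unpack_from("!I", body)
    # The count is peer-supplied: check it against the bytes actually received.
    if len(body) != 4 + count * RECORD.size:
        raise ValueError("prefix count does not match payload length")
    table = []
    for i in range(count):
        raw, v4mask, plen = RECORD.unpack_from(body, 4 + i * RECORD.size)
        # 6rd places the (32 - IPv4MaskLen) unmasked IPv4 bits after the prefix.
        if v4mask > 32 or plen + (32 - v4mask) > 128:
            raise ValueError("mask lengths out of range")
        # Strict construction rejects prefixes with bits set past 6rdPrefixLen.
        table.append((ipaddress.IPv6Network((raw, plen)), v4mask))
    return table
```

The tag is verified before any field is interpreted, so an unauthenticated peer never reaches the length and range checks.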