On 28 mrt 2008, at 17:33, marcelo bagnulo wrote:
For v6->v4, the IPv4 address is mapped to IPv6 space locally.
what do you mean by locally?
This:
I.e., if you connect to the network elsewhere, you see a different
mapping.
If I connect to ISP A I'd probably see 2001:A::FFFF:0:0/96 as the
translator prefix and if I then move to ISP B the translator prefix
there would be something like 2001:A::FFFF:0:0/96. So the 6->4 mapping
is a local matter.
On the other hand, if for v4 we assume that there is only a single
IPv4 address that maps to a single IPv6 address (or v4/port to
v6/port) because there aren't enough v4 addresses to have several of
them map to the same v4 address, the IPv4->IPv6 mapping is globally
unique so it can be published in the DNS. This also means that the
records can be signed so there shouldn't be a DNSSEC issue. (Note
though that this requires DNS records TBD. See the MNAT-PT draft for
what this _could_ look like.)
i don't have a preference here, but i am nore focused in the
requirements that we can impose right now.
Do you think it would be possible to impose any form of requirement
for using DNSSec in the v4 host?
Well, for v6->v4 we currently have the synthetic AAAA records. A
translator that doesn't use these is possible in this direction, and
even likely in the v4->v6 direction because we don't have an existing
spec that uses synthetic records for that direction.