Re: [Cryptography] IPv6 and IPSEC

2013-09-04 Thread Taral
On Tue, Sep 3, 2013 at 8:54 PM, Lucky Green shamr...@cypherpunks.to wrote: In its cryptic explanation of the bounces, Google makes one thing clear: whatever reason they have to bounce the email, that reason only applies to IPv6. I believe this is wrong. It only applies to IPv6 because

Re: [Cryptography] IPv6 and IPSEC

2013-09-04 Thread Taral
On Sep 4, 2013 12:14 AM, Lucky Green shamr...@cypherpunks.to wrote: I *have* PTR records for my IPv6 addresses. What I don't know is which PTR records will make Gmail happy. SPF PTR records clearly do not do the trick. SPF uses TXT records, not PTR ones. Can you share your IPv6 address? I'll

Re: [Cryptography] IPv6 and IPSEC

2013-09-04 Thread Lucky Green
On Tue, Sep 03, 2013 at 10:27:14PM -0700, Taral wrote: On Tue, Sep 3, 2013 at 8:54 PM, Lucky Green shamr...@cypherpunks.to wrote: In its cryptic explanation of the bounces, Google makes one thing clear: whatever reason they have to bounce the email, that reason only applies to IPv6. I

Re: [Cryptography] IPv6 and IPSEC

2013-09-04 Thread Perry E. Metzger
On Wed, 4 Sep 2013 09:14:36 +0200 Lucky Green shamr...@cypherpunks.to wrote: I *have* PTR records for my IPv6 addresses. What I don't know is which PTR records will make Gmail happy. SPF PTR records clearly do not do the trick. I think this conversation has, at this point, gone well beyond the

Re: [Cryptography] IPv6 and IPSEC

2013-09-03 Thread Bill Stewart
At 01:53 PM 8/29/2013, Taral wrote: Oh, wait. I misread the requirement. This is a pretty normal requirement -- your reverse DNS has to be valid. So if you are 3ffe::2, and that reverses to abc.example.com, then abc.example.com better resolve to 3ffe::2. For IPv4, that's a relatively normal

Re: [Cryptography] IPv6 and IPSEC

2013-09-03 Thread Lucky Green
On Tue, Sep 03, 2013 at 06:09:15PM -0700, Bill Stewart wrote: For IPv4, that's a relatively normal way to do things, though if example.com is commercial, smtp.example.com might actually be a load-balanced bunch of servers in xx.yy.zz.0/24 instead of just one machine, or they might be hidden

Re: [Cryptography] IPv6 and IPSEC

2013-08-29 Thread Lucky Green
On Wed, Aug 28, 2013 at 01:47:01PM -0400, Phill wrote: (This is the last week before school goes back which is stopping me getting to the big iron and my coding platform if folk are wondering where the code is). I had a discussion with some IETF types. Should I suggest a BOF in

Re: [Cryptography] IPv6 and IPSEC

2013-08-29 Thread Moritz
Since forward and reverse DNS will rarely match for IP addresses used by individuals rather than service providers, this change precludes home users of IPv6 from sending email to Gmail acccount. Note that this new restriction imposed by Gmail only applies to IPv6 addresses, not IPv4

Re: [Cryptography] IPv6 and IPSEC

2013-08-29 Thread Taral
On Wed, Aug 28, 2013 at 12:08 PM, Lucky Green shamr...@cypherpunks.to wrote: Additional guidelines for IPv6 The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR

Re: [Cryptography] IPv6 and IPSEC

2013-08-29 Thread Phillip Hallam-Baker
On Thu, Aug 29, 2013 at 1:59 PM, Taral tar...@gmail.com wrote: On Wed, Aug 28, 2013 at 12:08 PM, Lucky Green shamr...@cypherpunks.to wrote: Additional guidelines for IPv6 The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via

Re: [Cryptography] IPv6 and IPSEC

2013-08-29 Thread Phillip Hallam-Baker
On Thu, Aug 29, 2013 at 4:53 PM, Taral tar...@gmail.com wrote: Oh, wait. I misread the requirement. This is a pretty normal requirement -- your reverse DNS has to be valid. So if you are 3ffe::2, and that reverses to abc.example.com, then abc.example.com better resolve to 3ffe::2. On Thu,

Re: [Cryptography] IPv6 and IPSEC

2013-08-29 Thread Taral
Oh, wait. I misread the requirement. This is a pretty normal requirement -- your reverse DNS has to be valid. So if you are 3ffe::2, and that reverses to abc.example.com, then abc.example.com better resolve to 3ffe::2. On Thu, Aug 29, 2013 at 1:38 PM, Phillip Hallam-Baker hal...@gmail.com wrote:

Re: [Cryptography] IPv6 and IPSEC

2013-08-29 Thread Richard Guy Briggs
On Thu, Aug 29, 2013 at 01:53:29PM -0700, Taral wrote: Oh, wait. I misread the requirement. This is a pretty normal requirement -- your reverse DNS has to be valid. So if you are 3ffe::2, and that reverses to abc.example.com, then abc.example.com better resolve to 3ffe::2. Right, so if you

[Cryptography] IPv6 and IPSEC

2013-08-28 Thread Phill
(This is the last week before school goes back which is stopping me getting to the big iron and my coding platform if folk are wondering where the code is). I had a discussion with some IETF types. Should I suggest a BOF in Vancouver? Maybe this is an IRTF effort rather than IETF. One thing