IPv6 Operations                                           I. van Beijnum
Internet-Draft                                              July 2, 2007
Expires: January 2, 2008


        IPv4/IPv6 Interoperation Using the HTTP CONNECT Method
               draft-van-beijnum-v6ops-connect-method-00

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 2, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2007).


Abstract

  As of the deprecation of NAT-PT as a mechanism to allow IPv6-only
  hosts to connect to IPv4-only hosts, there is no longer a viable
  way to provide interoperation between IPv4-only and IPv6-only hosts
  connected to the internet.

  This document outlines a way to use the HTTP CONNECT method (better
  known as HTTPS proxying) to accomplish this interoperation for a
  large (but not the full) set of IP applications. The intent is to



Van Beijnum               Expires January 2, 2008               [Page 1]
Internet-Draft      IPv4/IPv6 Interop - CONNECT Method      July 2, 2007


  provide a base level usability for IPv6-only hosts to remove the
  need to provide IPv4 connectivity in all cases.

1 Introduction

  In order to allow HTTP proxies to proxy SSL/TLS protected HTTP
  requests (HTTPS), these proxies implement the CONNECT method, which
  allows a client to ask the proxy to set up a TCP session towards a
  remote host. After this, the proxy connects the client to the new
  TCP session so the client can exchange data with the remote host
  without the proxy needing to be aware of the protocol details. This
  makes this mechanism usable for all client-to-server protocols that
  use TCP. The CONNECT method is widely implemented, but was never
  standardized in an RFC.

  This document proposes that when a host as IPv6 connectivity, but
  not IPv4 connectivity, and an application tries to set up a TCP
  session towards an IPv4 destination, the TCP/IP stack intercepts
  the TCP session creation attempt, and sets up a session towards a
  previously configured HTTPS proxy. It then asks the proxy to connect
  to the desired IPv4 address, and if successful, presents the TCP
  connection towards the proxy to the application.

  Conversely, if an IPv4-only hosts wants to talk to an IPv6-only
  host, the same thing happens. Obviously, the proxy must be connect
  to both the IPv4 and the IPv6 internet.

2 Limitations

  This mechanism only works in one direction: a client can set up a
  session towards a server through a proxy, but a client can't
  receive incoming sessions through a proxy. However, if an IPv4-only
  host and an IPv6-only host both use this mechanism, both hosts will
  be able to set up sessions towards the other.

  The mechanism also only works with TCP. This makes it unsuitable as
  a complete replacement for IPv4 (or dual stack) connectivity.
  However, since most applications use TCP, the mechanism is still
  useful for two reasons:

  1. It provides an easy way to provide 90% or more of the utility of
     dual stack operation, but without the need to run IPv4

  2. Efforts to update applications and protocols to work over IPv6
     can be targeted to the relatively limited set of applications
     that don't work over TCP





Van Beijnum               Expires January 2, 2008               [Page 2]
Internet-Draft      IPv4/IPv6 Interop - CONNECT Method      July 2, 2007


3 IANA considerations

  None.

4 Security considerations

  Being connected to a different IP address than expected, and even
  being transported over a different version of the IP protocol than
  expected means applications and protocols will be exposed to a
  different environment than what they were intended to interact
  with, which is always problematic from a security standpoint.

  However, there is ample experience with HTTPS proxying and SSL and
  TLS encryption and authentication can be used to provide end-to-end
  security, so any security concerns are limited to applications and
  protocols that don't use SSL/TLS.

5 Document and Author Information

  This document expires January, 2008. The latest version will always
  be available at http://www.muada.com/drafts/. Please direct questions
  and comments to the v6ops mailinglist or directly to the author:

    Iljitsch van Beijnum

    Email: iljitsch@muada.com

Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in


Van Beijnum               Expires January 2, 2008               [Page 3]
Internet-Draft      IPv4/IPv6 Interop - CONNECT Method      July 2, 2007


   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).



























Van Beijnum               Expires January 2, 2008               [Page 4]