Re: [BEHAVE] [dccp] WGLC: draft-ietf-behave-dccp-01
"Dan Wing" <dwing@cisco.com> Fri, 12 September 2008 17:06 UTC
Return-Path: <behave-bounces@ietf.org>
X-Original-To: behave-archive@optimus.ietf.org
Delivered-To: ietfarch-behave-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E0CD43A6C32; Fri, 12 Sep 2008 10:06:43 -0700 (PDT)
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3C0283A6C2A; Fri, 12 Sep 2008 10:06:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.425
X-Spam-Level:
X-Spam-Status: No, score=-5.425 tagged_above=-999 required=5 tests=[AWL=0.874, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3jvmim0CWGOp; Fri, 12 Sep 2008 10:06:41 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id E21DF3A6B52; Fri, 12 Sep 2008 10:06:41 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.32,390,1217808000"; d="scan'208";a="154395881"
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-6.cisco.com with ESMTP; 12 Sep 2008 17:06:49 +0000
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id m8CH6mCh010636; Fri, 12 Sep 2008 10:06:48 -0700
Received: from dwingwxp01 ([10.32.240.194]) by sj-core-2.cisco.com (8.13.8/8.13.8) with ESMTP id m8CH6mC5028405; Fri, 12 Sep 2008 17:06:48 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Rémi Denis-Courmont' <rem@videolan.org>, 'Eddie Kohler' <kohler@cs.ucla.edu>
References: <214901c8f8f5$7d5ea610$d35d150a@cisco.com><489BF319.3010103@cs.ucla.edu> <200809111819.04068.rem@videolan.org>
Date: Fri, 12 Sep 2008 10:06:47 -0700
Message-ID: <053201c914f9$f142aa20$6ba36b80@cisco.com>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <200809111819.04068.rem@videolan.org>
Thread-Index: AckU9X1j+EnCLRK2SJWWKwv3+KJ1vAAA0a4w
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=3578; t=1221239208; x=1222103208; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20RE=3A=20[BEHAVE]=20[dccp]=20WGLC=3A=20draft-iet f-behave-dccp-01 |Sender:=20; bh=jn+5CW8Ic+4hmAtsPpya7OuiiXVYqPCrnJMh6Hjumr0=; b=dIqZgR1gdojuZFgl7nkUrE9aB28X/M9iX5A7pAfenhf7t3Y27xRCRq2TFt 5XjfcABR45kYBH4yOackZsSZJrcSoNL1JdhHCqYzjN8yjpq95aQ5OF6HIAUe a9TCfgmK8o;
Authentication-Results: sj-dkim-4; header.From=dwing@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Cc: dccp@ietf.org, 'Behave WG' <behave@ietf.org>
Subject: Re: [BEHAVE] [dccp] WGLC: draft-ietf-behave-dccp-01
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: behave-bounces@ietf.org
Errors-To: behave-bounces@ietf.org
> -----Original Message----- > From: behave-bounces@ietf.org > [mailto:behave-bounces@ietf.org] On Behalf Of Rémi Denis-Courmont > Sent: Thursday, September 11, 2008 8:19 AM > To: Eddie Kohler > Cc: dccp@ietf.org; Behave WG > Subject: Re: [BEHAVE] [dccp] WGLC: draft-ietf-behave-dccp-01 > > Hello, > > Le vendredi 8 août 2008 10:17:45 Eddie Kohler, vous avez écrit : > > (1) REQ-6: If a NAT includes ALGs, it MUST NOT affect DCCP. > > > > (2) REQ-13: If a NAT translates a DCCP packet, it MUST NOT > modify its > > DCCP service code value. > > > > In both cases a related, less stringent requirement would be more > > reasonable IMHO. > > Both were discussed on several occasions in the meetings. I > heard some voices > in favor of the strict statements, and none against it. As far as I > understand, BEHAVE-TCP did not forbidding ALGs because of existing > deployments; not an issue with DCCP (is it?). > > I am rather reluctant to changing this. What do the WG > (chairs) have to say? Eddie, If there is a DCCP application that needs an ALG, and which cannot utilize the STUN/ICE procedures as outlined by draft-rosenberg-mmusic-ice-nonsip-01.txt, we would like to hear about it. We already know what harm ALGs bring -- they slow or prevent protocol extensions, ALGs cause additional breakage in the end-to-end model, they require protocols to allow a man-in-the-middle (reducing security because the signaling has to be sent without integrity protection), and force the network topology to be constrained so that the signaling channel and the data channel traverse the same NAT. The reason for the 'MUST NOT do ALG' is because we want to avoid burdening DCCP protocols with these characteristics. The IETF learned the mistake of non-Passive FTP (which requires an FTP ALG) and there have been significant efforts underway to make SIP not need an ALG (draft-ietf-mmusic-ice) and to make RTSP not need an ALG (draft-ietf-mmusic-rtsp-nat). -d > > (2) REQ-13: This one is less important. The RFC4340 text says: > > > > The Service Code field in DCCP-Request packets provides > information > > that may be useful for stateful middleboxes. With > Service Code, a > > middlebox can tell what protocol a connection will use without > > relying on port numbers. Middleboxes can disallow > connections that > > attempt to access unexpected services by sending a > DCCP-Reset with > > Reset Code 8, "Bad Service Code". Middleboxes should > not modify the > > Service Code unless they are really changing the > service a connection > > is accessing. > > > > One can imagine useful ALG middleboxes that would change a > connection's > > service, and therefore its Service Code, and I don't see > what's gained by a > > "MUST NOT" requirement. This is speculative however. > > The document is dealing with address translators *only*. I > see no valid reason > for a NAT to change the service code. This text was > purposedly put there so > implementors would not alter the service code as if it were > extra source port > number entropy - that would break, for instance RTP over DCCP. > > -- > Rémi Denis-Courmont > http://git.remlab.net/cgi-bin/gitweb.cgi?p=vlc-courmisch.git;a=summary > _______________________________________________ > Behave mailing list > Behave@ietf.org > https://www.ietf.org/mailman/listinfo/behave _______________________________________________ Behave mailing list Behave@ietf.org https://www.ietf.org/mailman/listinfo/behave
- [BEHAVE] WGLC: draft-ietf-behave-dccp-01 Dan Wing
- Re: [BEHAVE] [dccp] WGLC: draft-ietf-behave-dccp-… Eddie Kohler
- Re: [BEHAVE] [dccp] WGLC: draft-ietf-behave-dccp-… Phelan, Tom
- Re: [BEHAVE] WGLC: draft-ietf-behave-dccp-01 Dan Wing
- Re: [BEHAVE] [dccp] WGLC: draft-ietf-behave-dccp-… Rémi Denis-Courmont
- Re: [BEHAVE] [dccp] WGLC: draft-ietf-behave-dccp-… Dan Wing