IETF Logo Mail Archive

[BEHAVE] FW: Last Call: <draft-ietf-behave-ftp64-10.txt> (An FTP ALG for IPv6-to-IPv4 translation) to Proposed Standard

"David Harrington" <ietfdbh@comcast.net> Fri, 03 June 2011 12:06 UTC

Return-Path: <ietfdbh@comcast.net>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 995F4E0742 for <behave@ietfa.amsl.com>; Fri, 3 Jun 2011 05:06:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.621
X-Spam-Level:
X-Spam-Status: No, score=-101.621 tagged_above=-999 required=5 tests=[AWL=-0.652, BAYES_00=-2.599, SARE_PROLOSTOCK_SYM3=1.63, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hXTckHTbyV8k for <behave@ietfa.amsl.com>; Fri, 3 Jun 2011 05:06:35 -0700 (PDT)
Received: from qmta13.westchester.pa.mail.comcast.net (qmta13.westchester.pa.mail.comcast.net [76.96.59.243]) by ietfa.amsl.com (Postfix) with ESMTP id 9D920E0741 for <behave@ietf.org>; Fri, 3 Jun 2011 05:06:35 -0700 (PDT)
Received: from omta11.westchester.pa.mail.comcast.net ([76.96.62.36]) by qmta13.westchester.pa.mail.comcast.net with comcast id rQ5w1g0040mv7h05DQ6cof; Fri, 03 Jun 2011 12:06:36 +0000
Received: from davidPC ([67.189.235.106]) by omta11.westchester.pa.mail.comcast.net with comcast id rQ6a1g00P2JQnJT3XQ6a8G; Fri, 03 Jun 2011 12:06:35 +0000
From: David Harrington <ietfdbh@comcast.net>
To: draft-ietf-behave-ftp64.all@tools.ietf.org, 'Dan Wing' <dwing@cisco.com>
Date: Fri, 03 Jun 2011 08:06:31 -0400
Message-ID: <04C1AFDBEA554F3FA5FDD978C1682D6E@davidPC>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MIMEOLE: Produced By Microsoft MimeOLE V6.1.7600.16776
Thread-Index: AcweriFgX8TcPgo4RWWTGlEnMvid9QDMhohQ
Cc: behave@ietf.org, behave-chairs@tools.ietf.org
Subject: [BEHAVE] FW: Last Call: <draft-ietf-behave-ftp64-10.txt> (An FTP ALG for IPv6-to-IPv4 translation) to Proposed Standard
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jun 2011 12:06:36 -0000

Hi,

Can you address these issues?
Do you have any other comments you know of that need to be included in
a new rev?

As soon as you get a revised ID, and the shepherd gives me a go-ahead
that we've caught all comments, I'll schedule the doc for an IESG
telechat.

David Harrington
Director, IETF Transport Area
ietfdbh@comcast.net (preferred for ietf)
dbharrington@huaweisymantec.com
+1 603 828 1401 (cell)

-----Original Message-----
From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On
Behalf Of Pekka Savola
Sent: Monday, May 30, 2011 5:10 AM
To: ietf@ietf.org
Cc: draft-ietf-behave-ftp64.all@tools.ietf.org; behave@ietf.org
Subject: Re: [BEHAVE] Last Call: <draft-ietf-behave-ftp64-10.txt> (An
FTP ALG for IPv6-to-IPv4 translation) to Proposed Standard

On Fri, 20 May 2011, The IESG wrote:
> The IESG has received a request from the Behavior Engineering for
> Hindrance Avoidance WG (behave) to consider the following document:
> - 'An FTP ALG for IPv6-to-IPv4 translation'
>  <draft-ietf-behave-ftp64-10.txt> as a Proposed Standard

This is an ops-dir review of draft-ietf-behave-ftp64-10.

I do not find major issues in the document.  This is a somewhat
complex
document and I would have hoped that the spec could have been more
straightforward and the result is some 50 MUSTs, SHOULDs and MAYs.
But I suppose FTP legacy cases and implementations etc. make it a
difficult protocol to support in the real life.

substantial comments
--------------------

The document does not mention or discuss LPRT and LPSV. Is that
intentional?
The IANA registry says these are now obsolete, but RFC1639 is still
experimental and no document has (formally) obsoleted these.

S 5:

    Telnet option negotiation attempts by either the client or the
    server, except for those allowed by [RFC1123], MUST be rejected by
    the FTP ALG without relaying those attempts.  This avoids the
    situation where the client and the server negotiate Telnet options
    that are unimplemented by the FTP ALG.

... what does "rejected" mean exactly?  Does the ALG send back to
the negotiation attempter some error code?  Does it abort the
connection?
ignore these options?  strip them out when connecting to the other
end?

8. Default port 20 translation


    If the client does not issue an EPSV/PASV or EPRT/PORT command
prior
    to initiating a file transfer, it is invoking the default active
FTP
    behavior where the server sets up a TCP session towards the
client.
    In this situation, the source port number is the default FTP data
    port (port 20) and the destination port is the port the client
uses
    as the source port for the control channel session.

.. is it?  I thought the source port used by the server is orthogonal
to
whether pasv/port is issued.  AFAIK, multiple FTP server
implementations
never use port 20.  But I have not recently tested this myself.

    The ALG MUST enable or disable EPSV to PASV translation as
requested.
    If EPRT to PORT translation is supported, ALGS ENABLE64 SHOULD
enable
    it and ALGS DISABLE64 SHOULD disable it along with enabling or
    disabling EPSV to PASV translation, respectively.  If EPRT to PORT
    translation is not supported, ALGS ENABLE64 only enables EPSV to
PASV
    translation.

.. what does this SHOULD..along with.. mean?  I read it so that it's
OK
that for "ALGS DISABLE64" EPSV->PASV is disabled but EPRT->PORT is not
disabled?  A different way to read it would be that both EPSV->PASV
and
EPRT->PORT are SHOULDs.

editorial:
----------

    A survey done in April of 2009 of 25 randomly picked and/or well-
    known FTP sites reachable over IPv4 showed that only 12 of them
    supported EPSV over IPv4.

.. fwiw, Dan Wing redid this test on 18 May 2011, reporting on behave
list.
the results didn't differ much (I didn't look at the numbers), but if
you
want to update this, now would be the chance.

  If
    such a multi-purpose ALG forbids the use of the AUTH command for
    policy reasons, the side effect of making the ALG stop performing
the
    translations described here, as well as other possible
interventions
    related to IPv6-to-IPv4 translation, MUST be retained even if the
ALG
    responds to the AUTH command with an error and does not propagate
the
    command to the server.

.. I had a hard time following what this one sentence includign a MUST
actually requires.  Maybe break down to more easily digestible
sentences?

    [Bernstein]
               Bernstein, D., "PASV security and PORT security", 2000,
               <http://cr.yp.to/ftp/security.html>.

.. this reference is not cited in the doc, add or remove?
_______________________________________________
Behave mailing list
Behave@ietf.org
https://www.ietf.org/mailman/listinfo/behave

v2.23.0 | Report a Bug | By Email