Re: [anonsec] Comments on connection latching draft
Paul Wouters <paul@xelerance.com> Fri, 07 December 2007 04:55 UTC
Date: Thu, 6 Dec 2007 23:50:06 -0500 (EST)
From: Paul Wouters <paul@xelerance.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
In-Reply-To: <20071206235738.GA8628@Sun.COM>
Message-ID: <Pine.LNX.4.64.0712062348120.11458@newtla.xelerance.com>
References: <tsld4tjjsw3.fsf@mit.edu> <20071206235738.GA8628@Sun.COM>
Cc: anonsec@postel.org, Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: [anonsec] Comments on connection latching draft
On Thu, 6 Dec 2007, Nicolas Williams wrote:

> To help describe the process by which latches are created and torn down.
>
> > Why must implementations make available nat state? I'm unconvinced
> > that is well enough defined to actually be useful.
>
> I think this is Michael's requirement.

I think this might have to do with detecting multiple clients behind the same NAT router.

> >    o  Any IPsec channel created with a given peer while another
> >       distinct, established IPsec channel exists with the same source
> >       and destination addresses SHOULD be bound to the same peer.
> >
> > How does this interact with nats?
>
> Hmmm, badly :)

Why not make it source and destination address plus port?

>    o  Create a connection latch object for a ULP 5-tuple (local and
>       remote address, protocol and local and remote port numbers).

Like here.

Paul
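To illustrate the point of this exchange, here is an added example (not code from the draft or from anyone in the thread) that models a latch table keyed by the address pair versus the full ULP 5-tuple, using a constructed scenario of two hosts behind one NAT, each with its own IPsec peer identity; the peer labels and addresses are made up.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """ULP 5-tuple as the draft defines it: local/remote address, protocol, local/remote port."""
    local_addr: str
    remote_addr: str
    proto: str
    local_port: int
    remote_port: int


class LatchTable:
    """Connection latches keyed either by address pair or by the full 5-tuple.

    Each latch records the IPsec peer identity (a constructed label such as
    'peer-A') that protected the first packet of the flow.  A later packet for
    the same key under a different peer identity is rejected (the latch holds).
    """

    def __init__(self, key_mode: str):
        assert key_mode in ("addrpair", "5tuple")
        self.key_mode = key_mode
        self.latches: dict = {}

    def _key(self, f: Flow):
        if self.key_mode == "addrpair":
            return (f.local_addr, f.remote_addr)
        return f

    def accept(self, f: Flow, peer_id: str) -> bool:
        """Latch the flow to peer_id on first use; afterwards accept only that peer."""
        latched = self.latches.setdefault(self._key(f), peer_id)
        return latched == peer_id


def nat_scenario(key_mode: str) -> list:
    # Constructed scenario: two clients behind one NAT (public 198.51.100.7) each
    # open a TCP connection to the same server (203.0.113.10:443).  From the
    # server's view the address pair is identical; only the remote port differs.
    table = LatchTable(key_mode)
    client1 = Flow("203.0.113.10", "198.51.100.7", "tcp", 443, 40001)
    client2 = Flow("203.0.113.10", "198.51.100.7", "tcp", 443, 40002)
    # Each client is a distinct IPsec peer, so they arrive under different identities.
    return [table.accept(client1, "peer-A"), table.accept(client2, "peer-B")]
```

Keyed by address pair the second client is rejected as a peer mismatch, which is the "badly" in the thread; keyed by 5-tuple both latches coexist.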