[Gen-art] Re: Gen-ART review of draft-ietf-v6ops-ipsec-tunnels-04.txt
Mohan Parthasarathy <mohanp@sbcglobal.net> Tue, 12 December 2006 23:02 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GuGdh-00026O-DI; Tue, 12 Dec 2006 18:02:21 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GuBTW-0005g0-Ub for gen-art@ietf.org; Tue, 12 Dec 2006 12:31:30 -0500
Received: from web80606.mail.yahoo.com ([66.218.79.95]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1GuBTT-0002zv-BU for gen-art@ietf.org; Tue, 12 Dec 2006 12:31:30 -0500
Received: (qmail 86284 invoked by uid 60001); 12 Dec 2006 17:31:23 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=sbcglobal.net; h=Message-ID:Received:Date:From:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding; b=nxUfLouxoGG4Z8o1nF6GSZdEyOrsZzKdoGKO6isLbv0MQ2AgIN0UOhGUKs9tideJbit9Hdothsu3bl7MpG3Ybk0hfSbdDb1sQ01Me++nGJ1UWvJp1pLx6cxhPgq63IyV7MfeiqTbM03eiIFgtIO4+7q09q7Aek+JazW7OntY/U0= ;
Message-ID: <20061212173123.86282.qmail@web80606.mail.yahoo.com>
Received: from [192.100.104.17] by web80606.mail.yahoo.com via HTTP; Tue, 12 Dec 2006 09:31:23 PST
Date: Tue, 12 Dec 2006 09:31:23 -0800
From: Mohan Parthasarathy <mohanp@sbcglobal.net>
To: Pekka Savola <psavola@csc.fi>, Fred Baker <fred@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ascii"
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b431ad66d60be2d47c7bfeb879db82c
X-Mailman-Approved-At: Tue, 12 Dec 2006 18:02:20 -0500
Cc: David Kessens <david.kessens@nokia.com>, Hannes.Tschofenig@siemens.com, gen-art@ietf.org, Lindqvist Erik Kurt <kurtis@kurtis.pp.se>, rfg@acm.org, David Black <Black_David@emc.com>
Subject: [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-ipsec-tunnels-04.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org
>On Sun, 10 Dec 2006, Fred Baker wrote: >> On Dec 9, 2006, at 5:55 PM, Black_David@emc.com wrote: >>> Section 4 has some wording problems: >>> >>> 1. [RFC2401] does not allow IP as the next layer protocol in traffic >>> selectors when an IPsec SA is negotiated. [RFC4301] also allows >>> IP as the next layer protocol (like TCP or UDP) in traffic >>> selectors. >>> >>> The "also" is susceptible to misreading. The second sentence should >>> be rephrased to: "In contrast, [RFC4301] does allow ..." > >Mohan or Richard, could you clarify this? I thought the idea was that >RFC2401 does not explicitly mention IP as the possible next layer >protocol, while many implementations do support it (and we aren't quite >sure whether such support is mandatory-to-implement)? On the other hand >RFC4301 explicitly requires support for all next layer protocol values. > >Maybe we forgot to to reword the text above since this become clearer >after earlier iterations. If so, suggestions to reword? I think we should reword this. Though some implementations may support it, we are talking about RFC 2401 vs RFC 4301. In that sense, what David says make sense. >>> The three requirements in Section 5.2 are generally applicable, >>> and should not be buried in Section 5.2's discussion of IPsec >>> tunnel mode. The requirements also lack explanations of why >>> they are requirements. At a minimum, the statement of the >>> requirements should be moved into Section 5 (before 5.1), but >>> I would suggest moving them to the end of Section 3 and adding >>> a discussion of why these requirements are important (e.g., what >>> goes wrong if they're not met) with reference to the scenarios >>> described in Section 3. > >We could easily shuffle the text around a bit. Now that I read this, only >the first one seems to be clearly worded as a "requirement" rather than a >general observation. While the third one needs clarification (Mohan?), I used the word "requirement" more to mean that these should be supported for proper operation of passing IPv6 traffic through the IPv6-in-IPv4 tunnels. (3) is saying that IPsec needs to be modelled as an interface for proper source address selection to happen which is also discussed in rfc 3884. >only the first one (IMHO) can easily be expanded why that is so: > > 1. All of IPv6 traffic should be protected, including link-local > (e.g., Neighbor Discovery) and multicast traffic. > > 2. In router-to-router tunnels, the source and destination addresses > of the traffic could come from a wide range of prefixes that are > normally learned through routing. As routing can always learn a > new prefix, there is no way to know all the prefixes a priori > [RFC3884]. > > 3. Source address selection depends on the notions of routes and > interfaces. This affects scenarios (2) and (3). > >1) is required so that every form of traffic that is supported by RFC4213 >IPv6-in-IPv4 tunnels is supported. A more general explanation is >mentioned in 2nd paragraph of Section 6 (in effect, "we want link local, >e.g., routing protocols, multicast, etc.") but it doesn't mention why we >want them (explanation above). On the other hand Appendix A describes the >tunnel mode setup if this is not felt to be a requirement and Tunnel mode >is felt better in the particular scenario. > >As for 3), I'm not 100% sure what point it wants to convey and how it's >relevant here (does that refer to a multihomed endpoint with multiple >addresses?) Mohan? See above. -mohan Pekka _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-ART review of draft-ietf-v6ops-ipse… Black_David
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Fred Baker
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Pekka Savola
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Mohan Parthasarathy
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Mohan Parthasarathy
- [Gen-art] RE: Gen-ART review of draft-ietf-v6ops-… Black_David
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Fred Baker
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Mohan Parthasarathy
- [Gen-art] RE: Gen-ART review of draft-ietf-v6ops-… Black_David
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Pekka Savola
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Mohan Parthasarathy
- RE: [Gen-art] Re: Gen-ART review ofdraft-ietf-v6o… Black_David