Re: The Devil's in the Deployment RE: NATs as firewalls
Russ White <riw@cisco.com> Sat, 10 March 2007 03:02 UTC
Return-path: <ietf-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HPrrH-0007pY-0M; Fri, 09 Mar 2007 22:02:59 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HODoW-0007qZ-WF for ietf@ietf.org; Mon, 05 Mar 2007 09:05:21 -0500
Received: from xmail06.myhosting.com ([168.144.250.220]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HODoS-0007y2-OJ for ietf@ietf.org; Mon, 05 Mar 2007 09:05:20 -0500
Received: (qmail 24801 invoked from network); 5 Mar 2007 14:04:59 -0000
Received: from unknown (HELO [192.168.100.205]) (Authenticated-user:_russ@riw.us@[65.190.218.139]) (envelope-sender <riw@cisco.com>) by xmail06.myhosting.com (qmail-ldap-1.03) with SMTP for <Mark_Andrews@isc.org>; 5 Mar 2007 14:04:33 -0000
Message-ID: <45EC2355.2020807@cisco.com>
Date: Mon, 05 Mar 2007 09:04:05 -0500
From: Russ White <riw@cisco.com>
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To: Mark Andrews <Mark_Andrews@isc.org>
References: <200703042232.l24MW9Gr049604@drugs.dv.isc.org>
In-Reply-To: <200703042232.l24MW9Gr049604@drugs.dv.isc.org>
X-Enigmail-Version: 0.94.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 97adf591118a232206bdb5a27b217034
X-Mailman-Approved-At: Fri, 09 Mar 2007 22:02:46 -0500
Cc: Noel Chiappa <jnc@mercury.lcs.mit.edu>, ietf@ietf.org
Subject: Re: The Devil's in the Deployment RE: NATs as firewalls
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > We have IPv6 Locally Assigned Local Addresses. Doesn't this presume that if people used these locally assigned addresses they would then NAT to a public address space? I think the main thing folks might miss is that a lot of people really want all of this on a single address--while having multiple addresses concurrent on a single machine is acceptable for larger machines, specifically servers, having multiples on a = since the entities involved in the 802.11i 4-way handshake are, I think, = quite different from the EAP entities. In general, the = consumers/users of the keys that may be generated as a side-effect of = EAP authentication are not identical to the EAP entities, however, a = fact that seems to be if not lost then at least glossed over in this = document. Further examples can be found in the definitions = of "Transient EAP Keys (TEKs)", where the EAP peers are = presumed to continue sending & receiving encrypted data after = authentication is complete(!) and "Transient Session Keys = (TSKs)", where the EAP peers negotiate a ciphersuite for this = purpose. Although I don't think it's prohibited for EAP methods to = negotiate ciphersuites for subsequent use _by other protocols_ (such as = 802.11i, etc.), I don't know of any that do & I don't think that = that is what is meant in this definition: it is only the rather IMHO = sloppy use of the terms "authenticator" and "peer" = to mean, basically, "whatever is hanging off the ends of the = wire" that allows this usage.</FONT></P> </BODY> </HTML> ------_=_NextPart_001_01C75E3E.929A9595-- --===============0938587276== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf --===============0938587276==--
- RE: The Devil's in the Deployment RE: NATs as fir… Hallam-Baker, Phillip
- The Devil's in the Deployment RE: NATs as firewal… Hallam-Baker, Phillip
- Re: The Devil's in the Deployment RE: NATs as fir… Brian E Carpenter
- Re: The Devil's in the Deployment RE: NATs as fir… Noel Chiappa
- Re: The Devil's in the Deployment RE: NATs as fir… Mark Andrews
- Re: The Devil's in the Deployment RE: NATs as fir… Douglas Otis
- Re: The Devil's in the Deployment RE: NATs as fir… Mark Andrews
- Re: The Devil's in the Deployment RE: NATs as fir… Russ White
- Re: The Devil's in the Deployment RE: NATs as fir… Russ White