IETF Logo Mail Archive

Re: Last Call: RFC 6346 successful: moving to Proposed Standard

Doug Royer <douglasroyer@gmail.com> Thu, 11 December 2014 02:18 UTC

Return-Path: <douglasroyer@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B50DE1A038F for <ietf@ietfa.amsl.com>; Wed, 10 Dec 2014 18:18:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2P6hJlbBvRX6 for <ietf@ietfa.amsl.com>; Wed, 10 Dec 2014 18:18:15 -0800 (PST)
Received: from mail-pd0-x235.google.com (mail-pd0-x235.google.com [IPv6:2607:f8b0:400e:c02::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C61F21A0047 for <ietf@ietf.org>; Wed, 10 Dec 2014 18:18:14 -0800 (PST)
Received: by mail-pd0-f181.google.com with SMTP id v10so3986346pde.40 for <ietf@ietf.org>; Wed, 10 Dec 2014 18:18:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to :subject:references:in-reply-to:content-type; bh=sUPbmKRPloYqyejcDSuwUZBmUXMKk2RlefZRMoWoyB4=; b=KYD8AMvZQRuL+XpbDE9XsJn2DB2A8FUVHfhpWsYwKC3qh3RxHaM7rSkgD+L+r2AOv/ 32PrO5BRo8LpmuwEIcCULAxcdTgrz7g5vEqb59pukNmqjSPuelLuhul6Ld3uwVXaKBQ7 v2q8wpTnyEYeOwLlkM8KQ0kdf+shVrKuYrLzyB+d64JpsSqmvCAaAzFgVJL1TXsQWTDw h+qCUaN/UFa749M1OShfJuIilnumAQ5qemLhh9OWv7h4JaJEMyN/R93Ueo16ptv3N335 KbqHaqAGltoY1QYB2NFJ/oH90ViUe+tfGMcTHYlo2TE9ZrA7mZxfIhQZflLAcIv092SG 5Dew==
X-Received: by 10.66.228.72 with SMTP id sg8mr10897507pac.139.1418264294025; Wed, 10 Dec 2014 18:18:14 -0800 (PST)
Received: from [192.168.1.4] (184-76-96-188.war.clearwire-wmx.net. [184.76.96.188]) by mx.google.com with ESMTPSA id wg7sm5426275pac.44.2014.12.10.18.18.12 for <ietf@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Dec 2014 18:18:13 -0800 (PST)
Message-ID: <5488FEE0.2030400@gmail.com>
Date: Wed, 10 Dec 2014 19:18:08 -0700
From: Doug Royer <douglasroyer@gmail.com>
Organization: http://SoftwareAndServices.NET
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: IETF Discussion Mailing List <ietf@ietf.org>
Subject: Re: Last Call: RFC 6346 successful: moving to Proposed Standard
References: <20141201223832.20448.34524.idtracker@ietfa.amsl.com> <A4CFF3FB-A9C5-47EA-A1CA-B900CDBF776E@gmail.com> <547F451C.3010507@dcrocker.net> <D0AE1053.7AA8A%Lee@asgard.org> <AF1B977B-75D4-4AF2-B231-300AF2429317@nominum.com> <CAMm+Lwji9860CKaJB_9xi3ztiVUtP3NZ8AgO1wZAVTKVWW76Nw@mail.gmail.com> <CADC+-gR+sFUELOrdfVj5e3hW-KZoftotbhvEwF6aotZvq5wOkw@mail.gmail.com> <1DF3E368-D915-458C-8009-C508735D3C88@nominum.com>
In-Reply-To: <1DF3E368-D915-458C-8009-C508735D3C88@nominum.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms010508070105000704070508"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/auKQ4cYVzgAoDxtWo11G1gElxT0
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Dec 2014 02:18:20 -0000

On 12/10/2014 06:31 PM, Ted Lemon wrote:
> On Dec 10, 2014, at 7:39 PM, Doug Royer <douglasroyer@gmail.com> wrote:
>> What about legacy software that decides what port it is going to use?
>> Well their packets go to the wrong hardware? Seems a BIG security hold to me.
> This is equivalent to the current practice of giving a home gateway an IP address with all 64k ports.   These ports are _already_ shared by devices behind the NAT.   The difference with port sharing is just that you start out with fewer than 64k ports.   Legacy software of the type you describe already doesn't work with a NAT.
>

Maybe I misunderstand what I read. Currently say I have 80 hosted server 
each with its own IP address
Each uses port 25 (smtp), 143 (imap), 80 (http) 22 (ssh) , 443 https), 
465 (smtp), 587 (smtp), 10000 (webmin) , and 20000 (usermin). The host 
name are say 80 random host names. Some use port 5432 (postgres), some 
port 3306 (mysql). And others use other random ports.

My hosting provider decides to follow this spec and assigns them all to 
ip address 1.2.3.4  and map
the port numbers across a 80 ranges, each with at least 9 assigned ports.

So How do say http://random-host-name-xx from a browser and have it work?
It would return 1.2.3.4 with dns, so 100% of *all* browser software 
would need to be updated to get the port extension to determine it 
really should go to http://randm-host-name-xx:1234 ?

The site admin is not going to have to know the 80 different port 
numbers for webmin (old port 10000) ?

I can't see how changing almost all Internet software is going to move 
faster than waiting for IPv6.

The current text also says double nats should be avoided. Do people know 
that a HUGE amount of home Wifi devices are NATs behind their router 
(NAT) and possibly behind their ISP NAT ?

Please tell me I misunderstand the text.

-- 

Doug Royer - (http://K7DMR.us / http://DougRoyer.US)
DouglasRoyer@gmail.com
714-989-6135

v2.23.0 | Report a Bug | By Email