IETF Logo Mail Archive

Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.txt> (Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry) to BCP

Cullen Jennings <fluffy@cisco.com> Mon, 31 January 2011 17:48 UTC

Return-Path: <fluffy@cisco.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5D3F03A6ADF; Mon, 31 Jan 2011 09:48:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.583
X-Spam-Level:
X-Spam-Status: No, score=-110.583 tagged_above=-999 required=5 tests=[AWL=0.016, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mqZjDtSro0qH; Mon, 31 Jan 2011 09:48:38 -0800 (PST)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71]) by core3.amsl.com (Postfix) with ESMTP id 450043A6844; Mon, 31 Jan 2011 09:48:38 -0800 (PST)
Authentication-Results: sj-iport-2.cisco.com; dkim=neutral (message not signed) header.i=none
Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-2.cisco.com with ESMTP; 31 Jan 2011 17:51:53 +0000
Received: from [192.168.4.3] (rcdn-fluffy-8711.cisco.com [10.99.9.18]) by sj-core-2.cisco.com (8.13.8/8.14.3) with ESMTP id p0VHppL7003932; Mon, 31 Jan 2011 17:51:52 GMT
Subject: Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.txt> (Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry) to BCP
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: Cullen Jennings <fluffy@cisco.com>
In-Reply-To: <4D46E2FF.7010203@cisco.com>
Date: Mon, 31 Jan 2011 10:51:51 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <768DE9F6-FC0B-49B0-8244-0D97CD7BD2DA@cisco.com>
References: <20110118212603.5733.34489.idtracker@localhost> <B88A8A82-9C4A-40AC-89AF-F177260760F7@cisco.com> <ECA80A72-4E72-44D2-B40E-C90D7197E8C5@nokia.com> <4D421795.70505@isi.edu> <EFADE5D0-BB33-4418-B743-DFEC11B12740@cisco.com> <4D44F85D.5030407@isi.edu> <4D457FD9.5030905@vpnc.org> <B1E38EDF-E78E-47E2-B9A9-D7320A908217@nokia.com> <4D46CC62.1040006@vpnc.org> <3EEDEA1C-C34B-4F39-8E6E-AEDE50C1E504@nokia.com> <4D46D1D3.10701@vpnc.org> <F2152494-8C79-4A0F-951F-B3DB1D274A61@cisco.com> <4D46E2FF.7010203@cisco.com>
To: Eliot Lear <lear@cisco.com>
X-Mailer: Apple Mail (2.1082)
Cc: IESG IESG <iesg@ietf.org>, IETF discussion list <ietf@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, tsvwg@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jan 2011 17:48:39 -0000

So first, we already have a BCP that says  more or less all protocols must implement a secure version but deployment is optional. This is a good BCP, and it comes from the right area to say that - security. It's probably impacts design work in working groups more than any other BCP. It has IETF consensus. The IESG holds protocols to this. 

Now - I am at loss to see why forcing people to use one port will make it more likely to have secure protocols. This seems crazy.  Please do enlighten me.

And on the topic, I'm still looking forward to an explanation of how the current CoAP design stomping all over the TLS code points would be an acceptable design. 


On Jan 31, 2011, at 9:27 , Eliot Lear wrote:

> 
> 
> On 1/31/11 5:13 PM, Cullen Jennings wrote:
>> Hmm ... I don't agree that solves the issue. 
>> 
>> Well lets say the request was coming from 3GPP for a protocol they designed - why should IANA be able to tell them no but IETF yes. 
> 
> Who, ultimately, is the steward of this precious resource?  If it is not
> the IANA and it is not the IETF, then who?  To say that it is everyone's
> responsibility is to avoid responsibility entirely.  Who gets to say
> which standards organizations are stewards and which are not?
> 
>> I think the policy issue here is fairly clear. We do not have consensus that in all cases that one should not have a second port for security (I'm basing this assertion on Magnus read of WG consensus and my read of IETF LC consensus). Therefore that should not be a ground for the expert reviewer (or IANA) to reject the registration. The document needs to be updated to make that clear or it does not reflect consensus. If the authors of the draft want to propose text for conditions when it would be ok to reject a second port for security purposes and see if they can get consensus for that text, that seems perfectly reasonable. 
> 
> This is a VERY VERY dangerous approach you propose, Cullen.  It is akin
> to saying, "you can think about security later, because we'll have to
> give you a port for it later."  We don't want to be saying that.
> 


Cullen Jennings
For corporate legal information go to:
http://www.cisco.com/web/about/doing_business/legal/cri/index.html

v2.23.0 | Report a Bug | By Email