Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.txt> (Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry) to BCP

Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 01 February 2011 10:10 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 298453A6C40; Tue, 1 Feb 2011 02:10:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.488
X-Spam-Level:
X-Spam-Status: No, score=-106.488 tagged_above=-999 required=5 tests=[AWL=0.111, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20WysXu9irDd; Tue, 1 Feb 2011 02:10:57 -0800 (PST)
Received: from mailgw10.se.ericsson.net (mailgw10.se.ericsson.net [193.180.251.61]) by core3.amsl.com (Postfix) with ESMTP id 79BFD3A6C19; Tue, 1 Feb 2011 02:10:56 -0800 (PST)
X-AuditID: c1b4fb3d-b7b89ae0000036a3-45-4d47dcf49eb6
Received: from esessmw0197.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw10.se.ericsson.net (Symantec Mail Security) with SMTP id 5B.55.13987.4FCD74D4; Tue, 1 Feb 2011 11:14:12 +0100 (CET)
Received: from [147.214.183.170] (153.88.115.8) by esessmw0197.eemea.ericsson.se (153.88.115.88) with Microsoft SMTP Server id 8.2.234.1; Tue, 1 Feb 2011 11:14:11 +0100
Message-ID: <4D47DCF2.1000200@ericsson.com>
Date: Tue, 01 Feb 2011 11:14:10 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: Cullen Jennings <fluffy@cisco.com>
Subject: Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.txt> (Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry) to BCP
References: <20110118212603.5733.34489.idtracker@localhost> <B88A8A82-9C4A-40AC-89AF-F177260760F7@cisco.com> <ECA80A72-4E72-44D2-B40E-C90D7197E8C5@nokia.com> <4D421795.70505@isi.edu> <EFADE5D0-BB33-4418-B743-DFEC11B12740@cisco.com> <4D44F85D.5030407@isi.edu> <4D457FD9.5030905@vpnc.org> <B1E38EDF-E78E-47E2-B9A9-D7320A908217@nokia.com> <4D46CC62.1040006@vpnc.org> <3EEDEA1C-C34B-4F39-8E6E-AEDE50C1E504@nokia.com> <4D46D1D3.10701@vpnc.org> <F2152494-8C79-4A0F-951F-B3DB1D274A61@cisco.com> <4D46E623.3080602@ericsson.com> <9E89C43A-EB2A-4DAB-9B12-A740612783E8@cisco.com>
In-Reply-To: <9E89C43A-EB2A-4DAB-9B12-A740612783E8@cisco.com>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: AAAAAA==
Cc: IESG IESG <iesg@ietf.org>, IETF discussion list <ietf@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Feb 2011 10:11:00 -0000

Cullen Jennings skrev 2011-01-31 18:44:
> 
> Magnus, I agree with what you are saying here but you are avoiding the issue I am concerned with. Is allocating a second port for the secure version of a document a frivolous use case or not? I read this draft as saying it is. Others read the draft as saying it is not and that type of allocation is fine. This seems fairly easy to deal with - first lets agree if particular 2nd port for secure version is a reason to reject requests or not then see if any text needs to be adjusted in the draft to reflect that. 

Well, frankly I don't know. I think it is something that can be avoided
going forward in many use cases, but not all. Simply by thinking of this
issue in the design phase. In addition there is clearly other solutions
there other considerations, like NAT traversal has said, yes
multiplexing is a must, thus live with even higher complexity costs.

The issue I have a problem with is that is we say on general basis that
due to negotiation of security protocols we are allowed to use different
ports for negotiation or simply usage of it. Then why is that different
from different versions of the protocol, or feature support. What is the
difference for a security protocol compared to these other issues?

What I am worried here is that we will see an increased port consumption
rather than a decreased one. At the current run rate I think the
estimate is 50 years+ before run out. That is something that I am
reasonably comfortable, but if the consumption rate increases four
times, then I am suddenly not comfortable. So I am pretty certain that
we need to aim at lowering the consumption rather than raising it.

As I see it there are only one way of doing it.

- State clearly that you really need to do everything reasonable so that
your application is only for one port.
- Be reasonably tough from the expert reviewer to ensure that applicants
has done this.

And from that perspective I don't think security is special in anyway.
It is only one of several things that could potentially require
additional registered ports. Yes security is important, but as
previously discussed it doesn't appear that the actual level of security
provided is different if you are forced to use one port or two. It might
affect the ease of implementation and deployment of security, which is
another aspect of impact.


Cheers

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------