Re: [Int-area] Fwd: I-D Action: draft-carpenter-limited-domains-06.txt

Tom Herbert <tom@herbertland.com> Sat, 02 March 2019 01:46 UTC

References: <155148867733.6203.17876831273429823351@ietfa.amsl.com> <45a7996f-3d80-cf32-43ca-c02244ea2d39@gmail.com>
In-Reply-To: <45a7996f-3d80-cf32-43ca-c02244ea2d39@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Fri, 01 Mar 2019 17:46:10 -0800
Message-ID: <CALx6S34zqSV2gxkOHU=hcNrDy=ptAba3iMx4_JKAMoHZQMKsxg@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: int-area <int-area@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/N0SWEsUtVQpD5SNvENuhOe9EV34>
Subject: Re: [Int-area] Fwd: I-D Action: draft-carpenter-limited-domains-06.txt

Hi Brian,

One comment...

From the draft:

"5.   Firewall and Service Tickets (FAST).  Such tickets would
accompany a packet to claim the right to traverse a network or request
a specific network service [I-D.herbert-fast].  They would only be
valid within a particular domain."

While it's true that Firewall and Service Tickets (in HBH
extension headers) are only valid in a particular domain, that really
means that they are only interpretable in the origin domain that
created the ticket. It's essential in the design that FAST tickets can
be exposed outside of their origin domain (e.g. used over the
Internet) and reflected back into the origin domain by peer hosts.
FAST tickets contain their own security (they are encrypted and signed
by an agent in the origin network) so there should never be any reason
for a firewall to arbitrarily filter or limit packets with FAST
tickets attached. This technique could probably be applied to some of
the other use cases mentioned.

Thanks,
Tom
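A simplified model of the property described above (a ticket that is opaque to peer hosts and transit networks, is reflected back unchanged, and is only checkable by the origin domain that holds the keys), added here as an illustration; it is not code from draft-herbert-fast or from any FAST implementation. The domain-local keys, the claim layout, the HMAC-in-counter-mode stream cipher, and the expiry field are all constructed assumptions for the example.

```python
import hmac
import hashlib
import os
import struct

# Constructed domain-local keys (assumption): only the origin domain's ticket
# agent and its firewalls hold them; peer hosts outside the domain never do.
TICKET_ENC_KEY = b"constructed-enc-key-origin-domain"
TICKET_MAC_KEY = b"constructed-mac-key-origin-domain"

NONCE_LEN, CLAIM_LEN, TAG_LEN = 8, 12, 16  # claim = service_id (4) + expires_at (8)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stdlib-only stream cipher (an assumption,
    chosen to keep the example self-contained, not the draft's cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def issue_ticket(service_id: int, expires_at: int, nonce=None) -> bytes:
    """Origin-domain agent: encrypt the claim, then MAC nonce || ciphertext."""
    nonce = nonce or os.urandom(NONCE_LEN)
    claim = struct.pack(">IQ", service_id, expires_at)
    ct = bytes(a ^ b for a, b in zip(claim, _keystream(TICKET_ENC_KEY, nonce, CLAIM_LEN)))
    tag = hmac.new(TICKET_MAC_KEY, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def reflect_ticket(ticket: bytes) -> bytes:
    """Peer host outside the domain: it has no keys, cannot read or alter the
    claim meaningfully, and simply echoes the ticket back byte for byte."""
    return bytes(ticket)


def validate_ticket(ticket: bytes, now: int):
    """Origin-domain firewall: verify MAC first, then decrypt and check expiry.
    Returns the claimed service_id, or None if the ticket must be ignored."""
    if len(ticket) != NONCE_LEN + CLAIM_LEN + TAG_LEN:
        return None
    nonce, ct, tag = ticket[:NONCE_LEN], ticket[NONCE_LEN:-TAG_LEN], ticket[-TAG_LEN:]
    expected = hmac.new(TICKET_MAC_KEY, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # forged, tampered in transit, or issued by another domain
    claim = bytes(a ^ b for a, b in zip(ct, _keystream(TICKET_ENC_KEY, nonce, CLAIM_LEN)))
    service_id, expires_at = struct.unpack(">IQ", claim)
    return None if now > expires_at else service_id
```

Because validation happens only at the origin domain, a firewall elsewhere gains nothing by dropping packets that merely carry a ticket, which is the point made above.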

On Fri, Mar 1, 2019 at 5:08 PM Brian E Carpenter
<brian.e.carpenter@gmail.com> wrote:
>
> A few small updates and fixes to references. Please comment;
> the authors are wondering about next steps for this draft.
>
>     Brian + Bing
>
> -------- Forwarded Message --------
> Subject: I-D Action: draft-carpenter-limited-domains-06.txt
> Date: Fri, 01 Mar 2019 17:04:37 -0800
> From: internet-drafts@ietf.org
> Reply-To: internet-drafts@ietf.org
> To: i-d-announce@ietf.org
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
>
>         Title           : Limited Domains and Internet Protocols
>         Authors         : Brian Carpenter
>                           Bing Liu
>         Filename        : draft-carpenter-limited-domains-06.txt
>         Pages           : 24
>         Date            : 2019-03-01
>
> Abstract:
>    There is a noticeable trend towards network requirements, behaviours
>    and semantics that are specific to a limited region of the Internet
>    and a particular set of requirements.  Policies, default parameters,
>    the options supported, the style of network management and security
>    requirements may vary.  This document reviews examples of such
>    limited domains, also known as controlled environments, and emerging
>    solutions, and develops a related taxonomy.  It then briefly
>    discusses the standardization of protocols for limited domains.
>    Finally, it shows the needs for a precise definition of limited
>    domain membership and for mechanisms to allow nodes to join a domain
>    securely and to find other members, including boundary nodes.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-carpenter-limited-domains/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-carpenter-limited-domains-06
> https://datatracker.ietf.org/doc/html/draft-carpenter-limited-domains-06
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-carpenter-limited-domains-06
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>