IETF Logo Mail Archive

Re: [Int-area] L. Eggert's comment (draft-boucadair-intarea-host-identifier-scenarios)

<mohamed.boucadair@orange.com> Wed, 23 July 2014 13:33 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E63A1B295E for <int-area@ietfa.amsl.com>; Wed, 23 Jul 2014 06:33:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vt0TbJtUDf-p for <int-area@ietfa.amsl.com>; Wed, 23 Jul 2014 06:33:13 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias243.francetelecom.com [80.12.204.243]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88B941B295F for <int-area@ietf.org>; Wed, 23 Jul 2014 06:33:13 -0700 (PDT)
Received: from omfeda05.si.francetelecom.fr (unknown [xx.xx.xx.198]) by omfeda09.si.francetelecom.fr (ESMTP service) with ESMTP id E7F28C0B61; Wed, 23 Jul 2014 15:33:11 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [10.114.31.16]) by omfeda05.si.francetelecom.fr (ESMTP service) with ESMTP id C8AE5180042; Wed, 23 Jul 2014 15:33:11 +0200 (CEST)
Received: from OPEXCLILM23.corporate.adroot.infra.ftgroup ([169.254.2.67]) by OPEXCLILH05.corporate.adroot.infra.ftgroup ([10.114.31.16]) with mapi id 14.03.0181.006; Wed, 23 Jul 2014 15:33:08 +0200
From: mohamed.boucadair@orange.com
To: joel jaeggli <joelja@bogus.com>, "Internet Area (int-area@ietf.org)" <int-area@ietf.org>
Thread-Topic: [Int-area] L. Eggert's comment (draft-boucadair-intarea-host-identifier-scenarios)
Thread-Index: Ac+mci0RWfBF6av/SliSRrn4iP4JqgABx9PlAAAMeqA=
Date: Wed, 23 Jul 2014 13:33:07 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93300398BF@OPEXCLILM23.corporate.adroot.infra.ftgroup>
References: <787AE7BB302AE849A7480A190F8B933003973B@OPEXCLILM23.corporate.adroot.infra.ftgroup> <f245bf40-d678-432a-ab31-16c5f354ae2c@OPEXCLILH02.corporate.adroot.infra.ftgroup> <53CFB74C.5050006@bogus.com>
In-Reply-To: <53CFB74C.5050006@bogus.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.1]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 6.0.3.2322014, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2014.7.23.100323
Archived-At: http://mailarchive.ietf.org/arch/msg/int-area/d27WLcpwxVf7rUbhhHMJcTA1O-Q
Cc: "draft-boucadair-intarea-host-identifier-scenarios@tools.ietf.org" <draft-boucadair-intarea-host-identifier-scenarios@tools.ietf.org>
Subject: Re: [Int-area] L. Eggert's comment (draft-boucadair-intarea-host-identifier-scenarios)
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jul 2014 13:33:16 -0000

Hi Joel,

This is indeed acceptable, in particular, for scenarios that are specific to a single administrative domain or that requires an agreement between the entity that owns the information and the one that will make use of that information. 

Cheers,
Med

>-----Message d'origine-----
>De : joel jaeggli [mailto:joelja@bogus.com]
>Envoyé : mercredi 23 juillet 2014 15:23
>À : BOUCADAIR Mohamed IMT/OLN; Internet Area (int-area@ietf.org)
>Cc : draft-boucadair-intarea-host-identifier-scenarios@tools.ietf.org
>Objet : Re: [Int-area] L. Eggert's comment (draft-boucadair-intarea-host-
>identifier-scenarios)
>
>On 7/23/14, 8:42 AM, mohamed.boucadair@orange.com wrote:
>> I figure out this text: "and a better solution that would preserve
>> privacy should be considered." may not reflect exactly the point made by
>> Stephen, so I'm inserting his words:
>>
>>
>>
>> "I'd be delighted if those who could get a better solution
>>
>> implemented/deployed were to attempt to try to address the
>>
>> privacy issues with XFF but it seems that at least in that
>>
>> case relevant folks don't care (sufficiently;-) deeply about
>>
>> our privacy to go do that."
>
>The proposal for a HIAPS bof staked out a particular position with
>respect to this
>
>  "First it has to be ensured that the server on the receiver side is
>well justified
>  to receive the   information. Next it will be granted that the
>communication is
>  not visible to on-path observers using the most state-of-art ways of
>securing
>  the communication."
>
>I found that acceptable, it is however incompatible with some of the
>proposed solutions.
>
>> Cheers,
>>
>> Med
>>
>>
>>
>> *De :*Int-area [mailto:int-area-bounces@ietf.org] *De la part de*
>> mohamed.boucadair@orange.com
>> *Envoyé :* mercredi 23 juillet 2014 14:33
>> *À :* Internet Area (int-area@ietf.org)
>> *Cc :* draft-boucadair-intarea-host-identifier-scenarios@tools.ietf.org
>> *Objet :* [Int-area] L. Eggert's comment
>> (draft-boucadair-intarea-host-identifier-scenarios)
>>
>>
>>
>> Hi all,
>>
>>
>>
>> Lars raised a point about
>> draft-boucadair-intarea-host-identifier-scenarios that is basically to
>> question whether it is worth continuing this effort if no viable
>> solutions can be designed to solve this problem.
>>
>>
>>
>> I do agree this is a fair point. I have several comments to make here:
>>
>>
>>
>> ·         The lack of a recommendation in RFC6967 should not be
>> interpreted as there is no working solution.
>>
>> ·         The analysis in RFC6967 is specific to particular cases that
>> span many administrative domains (read CGN). So, the drawbacks of
>> several solutions discussed in RFC6967 are irrelevant for scenarios that
>> are restricted to a single administrative domain (or where an
>> administrative relationship is setup between involved parties).
>>
>> ·         The IETF recognizes there are solutions for specific
>> applications: RFC7239 was published after RFC6967!
>>
>> ·         Some solutions such as the use of an IP option are viable ones
>> when involved devices are under the control of the same administrative
>> entity.
>>
>> ·         Some of the scenarios can be solved by protocol extensions
>> (e.g., http://tools.ietf.org/html/draft-boucadair-pcp-nat-reveal-01,
>> querying the MIB in
>> http://tools.ietf.org/html/draft-ietf-behave-nat-mib-11, announcing port
>> sets http://tools.ietf.org/html/draft-ietf-radext-ip-port-radius-ext-01,
>> etc.) without requiring injecting an identifier in the packet.
>>
>> ·         I know Lars is not supportive to the use of a TCP option, but
>> IMHO the use of a tcp option is superior to RFC7239. The TCP option is a
>> working solution for the TCP proxy, https and other scenarios.
>>
>> ·         Stephen (Farrel) mentioned in the list he has concerns with
>> RFC7239 and a better solution that would preserve privacy should be
>> considered.
>>
>>
>>
>> The rationale in the scenarios draft is as follows: instead of advancing
>> specifications that are scoped to a specific scenario, it is worth
>> having a means that will help linking all these scenarios to hopefully
>> make common solutions possible.
>>
>>
>>
>> Cheers,
>>
>> Med
>>
>>
>>
>> _______________________________________________
>> Int-area mailing list
>> Int-area@ietf.org
>> https://www.ietf.org/mailman/listinfo/int-area
>>
>

v2.23.0 | Report a Bug | By Email