[ipfix] draft-leinen-ipfix-eval-contrib-03.txt posted
Simon Leinen <simon@limmat.switch.ch> Wed, 26 May 2004 23:16 UTC
To: ipfix@net.doit.wisc.edu
CC: Bert Wijnen <bwijnen@lucent.com>
Subject: [ipfix] draft-leinen-ipfix-eval-contrib-03.txt posted
From: Simon Leinen <simon@limmat.switch.ch>
Date: Thu, 27 May 2004 00:56:16 +0200

I submitted a revision of the IPFIX Protocol Evaluation I-D. Until it shows up in the IETF repository, you can grab it at

  http://www.switch.ch/misc/leinen/ietf/ipfix/draft-leinen-ipfix-eval-contrib-03.txt
  http://www.switch.ch/misc/leinen/ietf/ipfix/draft-leinen-ipfix-eval-contrib-03.html

There's also an "htmlwdiff" from the previous version (-02):

  http://www.switch.ch/misc/leinen/ietf/ipfix/draft-leinen-ipfix-eval-contrib-02-03-diff.html

In spite of its draft-leinen-... name, this is actually a WG item. The revision was made to address some concerns that have been raised during IESG review.

The most notable change I made is in the "Conclusions" section. I added two sections on things that must be added to NetFlow v9 to make it viable as the IPFIX protocol:

   As evaluated, NetFlow v9 doesn't specify any security mechanisms. The IPFIX protocol specification must specify how the security requirements in section 6.3.3 of [1] can be assured. The IPFIX specification must be specific about the choice of security-supporting protocol(s) and about all relevant issues such as security negotiation, protocol modes permitted, and key management.

   The other important requirement that isn't fulfilled by NetFlow v9 today is support for a congestion-aware protocol (see section 6.3.1 of [1]). So a mapping to a known congestion-friendly protocol such as TCP, or, as suggested in [16], (PR-)SCTP, is considered as another necessary step in the preparation of the IPFIX specification.

These requirements are sort-of already in draft-ietf-ipfix-reqs, but IESG feedback convinced me that it makes sense stating that in the evaluation document too. The text about security basically points out that "just use IPSec" is NOT sufficient in a future IPFIX specification. That was also an IESG concern.

Other changes:

  - Moved reference to draft-djernaes-netflow-9-transport from Normative to Informational
  - IPSEC -> IPSec global replace
  - Point out that DES (as used in LFAP's security mechanism) is considered inadequate today
  - New boilerplate

-- 
Simon.