Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes
"Valery Smyslov" <smyslov.ietf@gmail.com> Wed, 17 April 2019 07:48 UTC
Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE1FD120332 for <ipsec@ietfa.amsl.com>; Wed, 17 Apr 2019 00:48:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.499
X-Spam-Level:
X-Spam-Status: No, score=-0.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id giZgiqv84nBv for <ipsec@ietfa.amsl.com>; Wed, 17 Apr 2019 00:48:36 -0700 (PDT)
Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9332E120321 for <ipsec@ietf.org>; Wed, 17 Apr 2019 00:48:36 -0700 (PDT)
Received: by mail-wm1-x332.google.com with SMTP id z6so4020330wmi.0 for <ipsec@ietf.org>; Wed, 17 Apr 2019 00:48:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:references:in-reply-to:subject:date:message-id:mime-version :content-transfer-encoding:thread-index:content-language; bh=UJdq3Xa7xbG3znku4il80jdkleGxfzCOHQ72ZBjW3NU=; b=H1gvXw1ZCREcWQBJdqTF1lJCNyJy4sf97sNBAmIfiFKlkHaqNcOHfOyeiQLeyVt0hP 3eAu3ptVyCKtUdjBHgXIBHztciQdB4reghaN+3GgMRlx0DU58P6BVu8JLGFj2SwcAJ95 YWk8+z2fT7vc0EQApsL9WWB9EP+tRqG3NhJakCdQAWPiA/KD6ChzWI3FbBPcK0KO4a68 0Yyw9PDqpR5AxSdzUD59rqCfutLOnpS4GEnKKdJcVsiGm990V1qJO6oON5hx2sojAMBY 4PKZ+n5+/xWufzEDS4RvNUN0VCUEE447H7jHX6WdRWseor0j2Bl2KHI2M727sMHKRqMJ zsgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=UJdq3Xa7xbG3znku4il80jdkleGxfzCOHQ72ZBjW3NU=; b=q+eSsNWc6o/DBxrlV7/T0pyL9kcETWV6Er3zJOJztOu5J4/82FJOWP0zxMbI/sxi69 mtXva6uqGt15gsUOAsjXC9P4f4l/Uf+hVPfH0z3zyIt202QO82WwqIJ0uilEZSZqlJRi Z8o2fCuCDPUTbqbpeQAfSyjxrIVpG+NF+qanGILbFWEIwPv2izEBZUzcCq4xBZv8skbb tbr1J8m/BztePwJhBX9gKzAcXxIfAtTTZvw9IQ5JmcFSlK8G1lRikvGsUJ9G6nk+mHbV 3j/4Tq+FP50xIrvOjg5HFyBZZkWj5PgwPDZsqQ7fMMFRVQoPQIviOuzw2A8Zymw3RMk2 Qsng==
X-Gm-Message-State: APjAAAWy+7hkn8LW95WBM+DK45C5JlFUyh8CQbjT2LQJjdFiuMoR/hRq 6t1s01fMIw2ivGm+NodEbtALbD1Q
X-Google-Smtp-Source: APXvYqwsPAUXSGGSPCxw0k97lAYtNxmHgjHbLicwzGWkzdT0Zy57i5V407CSampOAHD2TJL8jbKm7g==
X-Received: by 2002:a1c:9cd1:: with SMTP id f200mr30432285wme.91.1555487314780; Wed, 17 Apr 2019 00:48:34 -0700 (PDT)
Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id u17sm3535836wmu.36.2019.04.17.00.48.31 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 17 Apr 2019 00:48:31 -0700 (PDT)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Tero Kivinen' <kivinen@iki.fi>, ipsec@ietf.org
References: <23734.7331.402882.289451@fireball.acr.fi>
In-Reply-To: <23734.7331.402882.289451@fireball.acr.fi>
Date: Wed, 17 Apr 2019 10:48:07 +0300
Message-ID: <01b201d4f4f1$e617eb90$b247c2b0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGx2DB/WIutEoo9ZJxUMu3Z3MbCGqaGD1IA
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/KCO2EhJS3dW3ZM33aJJd3jGfahM>
Subject: Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2019 07:48:38 -0000
Hi, I was thinking of another alternative design (well, it's a small modification of a current one). Instead of defining IP4_ONLY_ALLOWED and IP6_ONLY_ALLOWED, define IP4_ALLOWED and IP6_ALLOWED. The semantics would be a positive assertion that this particular AF allowed, without any concerns with the other AF. In this case, the behavior would be as follows: Requested @Init Supported @Resp Assigned Returned Notification IPv4 IPv6 None IP6_ALLOWED IPv6 IPv6 IPv6 IP6_ALLOWED IPv6 IPv4 None IP4_ALLOWED IPv4 IPv4 IPv4 IP4_ALLOWED IPv4 and IPv6 IPv6 IPv6 IP6_ALLOWED IPv4 and IPv6 IPv4 IPv4 IP4_ALLOWED IPv4 and IPv6 IPv6 or IPv4 IPv6 or IPv4 IP4_ALLOWED, (Policy-based) IP6_ALLOWED IPv4 and IPv6 IPv6 and IPv4 IPv6 and IPv4 IP4_ALLOWED, IP6_ALLOWED An (mostly theoretical) advantage of this design is that if some new AF appears (well, I understand that it's unlikely in the foreseen future, but who knows), the design will work w/o changes, we only need to define a new <AF>_ALLOWED notification. Regards, Valery. > In the Prague meeting we had two options how to send information what > kind of address families are supported [1]: > > 1) IP6_ONLY_ALLOWED and IP4_ONLY_ALLOWED status notifications which > are sent whenever only one address family is supported. I.e., if > only one address family is supported, then IP*_ONLY_ALLOWED is > sent. If both address families are supported, then no status code > is sent. This is what current draft proposes. > > 2) ADDITINAL_ADDRESS_FAMILY_POSSIBLE status notification which is used > when other address family than currently returned could also be > used. I.e., if no address was assigned, then this status > notification tells that trying with other address family works, and > if address was assigned from one address family this tells that > another request with another address family can also work. > > In the meeting we did not have clear concensus [2] on which of them > are better. The option 2 is closer to what we currently have in > RFC7296 for ADDITIONAL_TS_POSSIBLE. > > Both of the options seems to work, and I think people think the > differences are so small, that they do not care. So unless people > object soon, I think we will keep whatever is in the draft, as I > seemed to be only one who thought the other option would be clearer. > > [1] See slides 6 and 7 of > https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-chair-slides-04 > [2] https://datatracker.ietf.org/doc/minutes-104-ipsecme/ > -- > kivinen@iki.fi > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Tero Kivinen
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters