Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes
Paul Wouters <paul@nohats.ca> Mon, 29 April 2019 16:10 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B835712034E for <ipsec@ietfa.amsl.com>; Mon, 29 Apr 2019 09:10:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZxxfeAdqlMJK for <ipsec@ietfa.amsl.com>; Mon, 29 Apr 2019 09:10:56 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2A33120168 for <ipsec@ietf.org>; Mon, 29 Apr 2019 09:10:55 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 44t8lf1g0Sz25v; Mon, 29 Apr 2019 18:10:54 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1556554254; bh=PhDkHp7LOe/CHxzzr++s9m6hX66674s2BPn/y1vCQ14=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=FhCICrbMjF0xnjN6yfS5i8BMMsnYO24TqCUmY04u9OM0yEjQOgXE5urCC3RNYzxLh wWdeTHN6AWuvKGP38CvI2QEHQht79jXQ9zWmYaQOGFu/iNfqFNbKJQDIMdQTDSGHc+ rO4iK5Jia1+fRl1DU4XqeBBe1iO8iCAsVrTGk8lM=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id jH1-VhNCgZAl; Mon, 29 Apr 2019 18:10:52 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Mon, 29 Apr 2019 18:10:51 +0200 (CEST)
Received: from [192.168.10.212] (nat05.wpe01.151FrontStW01.YYZ.beanfield.com [66.207.198.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id 492F62FCD9; Mon, 29 Apr 2019 12:10:50 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 492F62FCD9
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Paul Wouters <paul@nohats.ca>
X-Mailer: iPhone Mail (16E227)
In-Reply-To: <01b201d4f4f1$e617eb90$b247c2b0$@gmail.com>
Date: Mon, 29 Apr 2019 12:10:48 -0400
Cc: Tero Kivinen <kivinen@iki.fi>, ipsec@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <636D1D4B-3E3F-47F1-B64C-A266BF871010@nohats.ca>
References: <23734.7331.402882.289451@fireball.acr.fi> <01b201d4f4f1$e617eb90$b247c2b0$@gmail.com>
To: Valery Smyslov <smyslov.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/REId22FLDAL9yZgpSNnLyTZUSCs>
Subject: Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2019 16:10:59 -0000
I would prefer no notify if the request was fulfilled and to only send a notify if a request could not be fulfilled. Since clients can ask for both that should cover things. If a client isn’t asking for ipvX, I see no need to answer that ipvX is supported too. Paul Sent from mobile device > On Apr 17, 2019, at 03:48, Valery Smyslov <smyslov.ietf@gmail.com> wrote: > > Hi, > > I was thinking of another alternative design (well, it's a small modification > of a current one). Instead of defining IP4_ONLY_ALLOWED and IP6_ONLY_ALLOWED, > define IP4_ALLOWED and IP6_ALLOWED. The semantics would be a positive > assertion that this particular AF allowed, without any concerns with the other AF. > > In this case, the behavior would be as follows: > > Requested @Init Supported @Resp Assigned Returned Notification > > IPv4 IPv6 None IP6_ALLOWED > > IPv6 IPv6 IPv6 IP6_ALLOWED > > IPv6 IPv4 None IP4_ALLOWED > > IPv4 IPv4 IPv4 IP4_ALLOWED > > IPv4 and IPv6 IPv6 IPv6 IP6_ALLOWED > > IPv4 and IPv6 IPv4 IPv4 IP4_ALLOWED > > IPv4 and IPv6 IPv6 or IPv4 IPv6 or IPv4 IP4_ALLOWED, > (Policy-based) IP6_ALLOWED > > IPv4 and IPv6 IPv6 and IPv4 IPv6 and IPv4 IP4_ALLOWED, > IP6_ALLOWED > > An (mostly theoretical) advantage of this design is that if some new AF appears > (well, I understand that it's unlikely in the foreseen future, but who knows), > the design will work w/o changes, we only need to define a new <AF>_ALLOWED > notification. > > Regards, > Valery. > > >> In the Prague meeting we had two options how to send information what >> kind of address families are supported [1]: >> >> 1) IP6_ONLY_ALLOWED and IP4_ONLY_ALLOWED status notifications which >> are sent whenever only one address family is supported. I.e., if >> only one address family is supported, then IP*_ONLY_ALLOWED is >> sent. If both address families are supported, then no status code >> is sent. This is what current draft proposes. >> >> 2) ADDITINAL_ADDRESS_FAMILY_POSSIBLE status notification which is used >> when other address family than currently returned could also be >> used. I.e., if no address was assigned, then this status >> notification tells that trying with other address family works, and >> if address was assigned from one address family this tells that >> another request with another address family can also work. >> >> In the meeting we did not have clear concensus [2] on which of them >> are better. The option 2 is closer to what we currently have in >> RFC7296 for ADDITIONAL_TS_POSSIBLE. >> >> Both of the options seems to work, and I think people think the >> differences are so small, that they do not care. So unless people >> object soon, I think we will keep whatever is in the draft, as I >> seemed to be only one who thought the other option would be clearer. >> >> [1] See slides 6 and 7 of >> https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-chair-slides-04 >> [2] https://datatracker.ietf.org/doc/minutes-104-ipsecme/ >> -- >> kivinen@iki.fi >> >> _______________________________________________ >> IPsec mailing list >> IPsec@ietf.org >> https://www.ietf.org/mailman/listinfo/ipsec > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Tero Kivinen
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters