Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes
"Valery Smyslov" <smyslov.ietf@gmail.com> Tue, 30 April 2019 06:11 UTC
Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA99712014A for <ipsec@ietfa.amsl.com>; Mon, 29 Apr 2019 23:11:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.499
X-Spam-Level:
X-Spam-Status: No, score=-0.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sF-mSGyamRqD for <ipsec@ietfa.amsl.com>; Mon, 29 Apr 2019 23:11:32 -0700 (PDT)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 701C8120135 for <ipsec@ietf.org>; Mon, 29 Apr 2019 23:11:32 -0700 (PDT)
Received: by mail-lj1-x229.google.com with SMTP id r72so7247322ljb.9 for <ipsec@ietf.org>; Mon, 29 Apr 2019 23:11:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-transfer-encoding:thread-index :content-language; bh=fvcEoJcprOnQu18aHraPOZC2WDwb9M4iEmRkr1MrTBQ=; b=oVj160ccgvdx/sbZWRsX9Z84++XaEuHztM4gjmmMuIjBPBmx1iBq6Pn9nz6zO0ws8x cUDVn5nxBwo+g10MEg95BE9z7UCQTmihpwHu3MbFxhbX+ThTqLRcejV+nqOJSHvws9bW HB5xabmH6q2eHVLwNUFZzV2wH+O8bLzbEwCBdO2XYWQjPGL4ujCopLc7sfs4T97TiIuo WvdPSTozBmySkolhmq5nm9FMRvJSsIX/ZhOLSJ1zm9/YaZiqLx6YI6/G4y/Qc1tUEXd9 OBucHQ1TZfDFWdZ8B8hG7Nr7ZvXkXDTTSETojsQk5nyV+m8OC14WdNPEd2nMD3ydr07n 65KQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=fvcEoJcprOnQu18aHraPOZC2WDwb9M4iEmRkr1MrTBQ=; b=Qgga5Begr3m6bCSCRCet6Uv97LH+OYAyQiJIRUTRlT+GbVx6EYDIBYjaA4JWbPI8r9 el8pu/QHqVhMPzvKnY3zGz5jVurq+55ekcPxMYsZsyvOpkQMS4BpMEJKnVWiltkV4fdM Cx/nUYMGn1XLjXDELpfLfYCc95D6h0i7WPBUb6RNNrFhJT8Vdbp+m3I3sUwVFLhBnsNW V0660lIcB2b+kYJiWighveYnSGtpJ5U+EEDwW0av0QECHHKsLMpBhXrD4Cn8f3qOKHaI MRGPRXwLnQZFCbVZ6loR2fZ+BakYHXD+lVYrHLig4n1gDgwlTmfADwK2f5m6reb01vCr 4RlQ==
X-Gm-Message-State: APjAAAXv8VYL0pOortIGmZf6gMUVRmhawVjXKFuFNAhIRCNPrYy3g84u 4rQ7JLeR0vU3ifP2xkgq3+97GmoD
X-Google-Smtp-Source: APXvYqzGNYzs81W78TxUwi5t8//CPCa21lnXunurSB6CuL2Mg4xy8fL4DDoRelDJAoWqhFxf/dADWw==
X-Received: by 2002:a2e:292:: with SMTP id y18mr35132824lje.52.1556604690418; Mon, 29 Apr 2019 23:11:30 -0700 (PDT)
Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id c19sm6894740lfi.69.2019.04.29.23.11.28 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 29 Apr 2019 23:11:29 -0700 (PDT)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Paul Wouters' <paul@nohats.ca>
Cc: 'Tero Kivinen' <kivinen@iki.fi>, ipsec@ietf.org
References: <23734.7331.402882.289451@fireball.acr.fi> <01b201d4f4f1$e617eb90$b247c2b0$@gmail.com> <636D1D4B-3E3F-47F1-B64C-A266BF871010@nohats.ca>
In-Reply-To: <636D1D4B-3E3F-47F1-B64C-A266BF871010@nohats.ca>
Date: Tue, 30 Apr 2019 09:10:17 +0300
Message-ID: <00c001d4ff1b$62c87050$285950f0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGx2DB/WIutEoo9ZJxUMu3Z3MbCGgJMohb3Ab24xX+mejF70A==
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/fvdsUjpJMEXwI3lWXkQ45m6Z3hY>
Subject: Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 06:11:35 -0000
Hi Paul, > I would prefer no notify if the request was fulfilled and to only send a notify if a request could not be fulfilled. > Since clients can ask for both that should cover things. If a client isn’t asking for ipvX, I see no need to answer > that ipvX is supported too. That would make sending these notifies dependent on the content of request. So, the tradeoff is whether saving eight bytes justifies complication of state machine. Regards, Valery. > Paul > > Sent from mobile device > > > On Apr 17, 2019, at 03:48, Valery Smyslov <smyslov.ietf@gmail.com> wrote: > > > > Hi, > > > > I was thinking of another alternative design (well, it's a small modification > > of a current one). Instead of defining IP4_ONLY_ALLOWED and IP6_ONLY_ALLOWED, > > define IP4_ALLOWED and IP6_ALLOWED. The semantics would be a positive > > assertion that this particular AF allowed, without any concerns with the other AF. > > > > In this case, the behavior would be as follows: > > > > Requested @Init Supported @Resp Assigned Returned Notification > > > > IPv4 IPv6 None IP6_ALLOWED > > > > IPv6 IPv6 IPv6 IP6_ALLOWED > > > > IPv6 IPv4 None IP4_ALLOWED > > > > IPv4 IPv4 IPv4 IP4_ALLOWED > > > > IPv4 and IPv6 IPv6 IPv6 IP6_ALLOWED > > > > IPv4 and IPv6 IPv4 IPv4 IP4_ALLOWED > > > > IPv4 and IPv6 IPv6 or IPv4 IPv6 or IPv4 IP4_ALLOWED, > > (Policy-based) IP6_ALLOWED > > > > IPv4 and IPv6 IPv6 and IPv4 IPv6 and IPv4 IP4_ALLOWED, > > IP6_ALLOWED > > > > An (mostly theoretical) advantage of this design is that if some new AF appears > > (well, I understand that it's unlikely in the foreseen future, but who knows), > > the design will work w/o changes, we only need to define a new <AF>_ALLOWED > > notification. > > > > Regards, > > Valery. > > > > > >> In the Prague meeting we had two options how to send information what > >> kind of address families are supported [1]: > >> > >> 1) IP6_ONLY_ALLOWED and IP4_ONLY_ALLOWED status notifications which > >> are sent whenever only one address family is supported. I.e., if > >> only one address family is supported, then IP*_ONLY_ALLOWED is > >> sent. If both address families are supported, then no status code > >> is sent. This is what current draft proposes. > >> > >> 2) ADDITINAL_ADDRESS_FAMILY_POSSIBLE status notification which is used > >> when other address family than currently returned could also be > >> used. I.e., if no address was assigned, then this status > >> notification tells that trying with other address family works, and > >> if address was assigned from one address family this tells that > >> another request with another address family can also work. > >> > >> In the meeting we did not have clear concensus [2] on which of them > >> are better. The option 2 is closer to what we currently have in > >> RFC7296 for ADDITIONAL_TS_POSSIBLE. > >> > >> Both of the options seems to work, and I think people think the > >> differences are so small, that they do not care. So unless people > >> object soon, I think we will keep whatever is in the draft, as I > >> seemed to be only one who thought the other option would be clearer. > >> > >> [1] See slides 6 and 7 of > >> https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-chair-slides-04 > >> [2] https://datatracker.ietf.org/doc/minutes-104-ipsecme/ > >> -- > >> kivinen@iki.fi > >> > >> _______________________________________________ > >> IPsec mailing list > >> IPsec@ietf.org > >> https://www.ietf.org/mailman/listinfo/ipsec > > > > _______________________________________________ > > IPsec mailing list > > IPsec@ietf.org > > https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Tero Kivinen
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters