[Ipsec] Retry: IANA registry modifications to draft-ietf-ipsec-nat-t-ike
Tero Kivinen <kivinen@iki.fi> Mon, 04 October 2004 08:28 UTC
Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA11011 for <ipsec-archive@lists.ietf.org>; Mon, 4 Oct 2004 04:28:25 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CEO7V-00009M-TL; Mon, 04 Oct 2004 04:22:57 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CEO3n-0007wh-1E for ipsec@megatron.ietf.org; Mon, 04 Oct 2004 04:19:07 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA10586 for <ipsec@ietf.org>; Mon, 4 Oct 2004 04:19:04 -0400 (EDT)
Received: from [83.145.195.1] (helo=mail.kivinen.iki.fi) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CEOCp-0005eU-0F for ipsec@ietf.org; Mon, 04 Oct 2004 04:28:27 -0400
Received: from fireball.kivinen.iki.fi (localhost [IPv6:::1]) by mail.kivinen.iki.fi (8.12.11/8.12.10) with ESMTP id i948J1hr027467 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for <ipsec@ietf.org>; Mon, 4 Oct 2004 11:19:01 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.12.11/8.12.6/Submit) id i948J0HH027464; Mon, 4 Oct 2004 11:19:00 +0300 (EEST)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <16737.1908.314598.364496@fireball.kivinen.iki.fi>
Date: Mon, 04 Oct 2004 11:19:00 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: ipsec@ietf.org
X-Mailer: VM 7.17 under Emacs 21.3.1
X-Edit-Time: 2 min
X-Total-Time: 2 min
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 2857c5c041d6c02d7181d602c22822c8
Content-Transfer-Encoding: 7bit
Subject: [Ipsec] Retry: IANA registry modifications to draft-ietf-ipsec-nat-t-ike
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
Content-Transfer-Encoding: 7bit
[I sent this to the list last week, but I could not see it appearing on the list, so I assume it was stuck in the spam filters as I sent it from the different address. Retrying now with my iki-address, hopefully this will get through]. Message-ID: <16731.58588.849432.183206@ryijy.hel.internal> From: Tero Kivinen <kivinen@safenet-inc.com> To: ipsec@ietf.org CC: tytso@mit.edu, byfraser@cisco.com, cotton@icann.org, smb@research.att.com, housley@vigilsec.com, Ari.Huttunen@F-Secure.com, briansw@microsoft.com, vvolpe@cisco.com Subject: IANA registry modifications to draft-ietf-ipsec-nat-t-ike Date: Thu, 30 Sep 2004 13:50:04 +0300 The draft-ietf-ipsec-nat-t-ike is now in the IANA registry allocation phase, and because of this we needed to allocate new numbers to the NAT-D and NAT-OA payload numbers. During the time the document has been in the various queues the IANA registry for the IKE payload numbers has been created, and numbers 15 and 16 used in the draft has already been given out. Because of this we need to allocate next available numbers, 20 and 21. This will make following changes to the document: Change from section 3.2 the The payload type of the NAT discovery payload is 15. to The payload type of the NAT discovery payload is 20. and change from section 5.2 the The paylaod type for the NAT original address payload is 16. to The payload type for the NAT original address payload is 21. and also probably changing the IANA considerations section 9 from New IKE payload numbers are (There is no IANA registry related to this and no need to create new one, but if one is added these should be added there): NAT-D 15 NAT Discovery Payload NAT-OA 16 NAT Original Address Payload to New IKE payload numbers need to be added to the Next Payload Types registry: NAT-D 20 NAT Discovery Payload NAT-OA 21 NAT Original Address Payload ---------------------------------------------------------------------- There are some other changes to be done during the author 48 hours state, which include: ---------------------------------------------------------------------- Calculating the Vendor-ID, when we know the final RFC number (section 3.1). ---------------------------------------------------------------------- Adding IAB considerations section (requested and agreed during the IESG evaluation): 10. IAB Considerations The UNSAF [RFC 3424] questions are addressed by the IPsec-NAT compatibility requirements document [RFC 3715]. and then renumber sections after that accordingly. This also requires adding [RFC3424] Daigle, L. and IAB, "IAB Considerations for UNilateral Self-Address Fixing (UNSAF) Across Network Address Translation", RFC 3424, November 2002. to the non-normative references section (and change the [Aboba03] to [RFC3715] as it is now out). ---------------------------------------------------------------------- There has also been a request to clarify the section 7 about which packets can be used as an authenticated packet, i.e. change the There are cases where NAT box decides to remove mappings that are still alive (for example, the keepalive interval is too long, or the NAT box is rebooted). To recover from this, ends which are NOT behind NAT SHOULD use the last valid authenticated packet from the other end to determine which IP and port addresses should be used. To There are cases where NAT box decides to remove mappings that are still alive (for example, the keepalive interval is too long, or the NAT box is rebooted). To recover from this, ends which are NOT behind NAT SHOULD use the last valid UDP encapsulated IKE or IPsec packet from the other end to determine which IP and port addresses should be used. (i.e change "valid authenticated packet" to "valid UDP encapsulated IKE or IPsec packet"). I myself think that the section would be clear enough with the change, but the changed text might be little clearer. -- kivinen@safenet-inc.com _______________________________________________ Ipsec mailing list Ipsec@ietf.org https://www1.ietf.org/mailman/listinfo/ipsec
- [Ipsec] Retry: IANA registry modifications to dra… Tero Kivinen