[IPsec] informal ports and transport review of ipsecme-chairs@tools.ietf.org

Joe Touch <touch@isi.edu> Tue, 25 April 2017 18:36 UTC

From: Joe Touch <touch@isi.edu>
To: draft-ietf-ipsecme-tcp-encaps@ietf.org, ipsec@ietf.org
Cc: ipsecme-chairs@tools.ietf.org
Message-ID: <ad24eb65-cc3f-ff2c-2526-1e30e5c92566@isi.edu>
Date: Tue, 25 Apr 2017 11:36:06 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/m3fo-8psQ18xeWNW-LH2FaiHjCw>
Subject: [IPsec] informal ports and transport review of ipsecme-chairs@tools.ietf.org

Hi, all,

I'm providing this feedback at the request of the ADs.

The port information is based on my experience as IANA port review team lead.

The transport information is based on my experience in TSV-ART.

Joe

----------------

Ports issues:

Every bit pattern, including those using magic numbers, is already owned and under the control of each assigned port. It is not appropriate for any new service to hijack that pattern as having a different meaning UNLESS explicitly updating the service on that port.

A simple summary of what needs to change, in 2119-language:

    - this approach MUST NOT be described as applying to any assigned number unless also updating the associated RFC

    - this approach MUST NOT be described as applying to any unassigned but assignable, or reserved port

    - this approach MUST NOT use any existing assigned port in an example unless also updating the associated RFC (including 4500 and 443)

    - IMO, this is a new service that therefore MUST either request a new assignment (for TCP only) or be limited to operating only over dynamic ports, as per RFC6335

------------------
TCP issues:

This approach has issues with its use of TCP as well, as follows:

    - TCP MSS has nothing to do with fragmentation; it is primarily associated with IP reassembly

    - TCP over TCP discussion is insufficient; there are known interactions that amplify the problem far beyond either one alone

---