Re: [MEXT] firewall docs review

"QIU Ying" <qiuying@i2r.a-star.edu.sg> Mon, 18 February 2008 10:57 UTC


Hi, Ryuji

Thanks for your comments. My response is inline.

----- Original Message ----- 
"RYUJI WAKIKAWA" wrote


> Hi Suresh and authors,
>
> I was asked to review draft-krishnan-mip6-firewall-admin-02 and
> draft-krishnan-mip6-firewall-vendor-02.
>
> - Can current filtering mechanism check the IP options field?!

No. The current firewall filter does not support checking the IP options field.

>   If yes, the document should mention which IP options appear
> for which packets.
>   An example is DST Opt for BU and RTHDR for BA.
>   Otherwise, the operator might just block all the packets having
> RTHDR option regardless of BA.
>
> For example, in section 3.1 of draft-admin,
>      Destination Address: Address of HA
>                          <-- adding Dest option (HoA option)?
>      Next Header: 50 (ESP)
>      Mobility Header Type: 5 (BU)

For draft-admin, whose purpose is BCP, we could not solicit the function 
here. But we could provide the filter in draft-vendor.

>
> - missing authentication option and DSMIP support?
>    DSMIP will introduce much complexity to firewall setup.

The target of these two drafts is to make MIP6 signalling pass through the 
firewalls. So, in my opinion, the issue of authentication and DSMIP might be 
out of the scope.

>
> - RO is optional in RFC3775. I am not sure you can treat
>   RO signaling the same as the BU/BA for firewall filter setup.
>   It might be good if you provide the minimum set of rules (BU/BA only)
>   and the full set of rules (All MH signaling).

Good comments.

Regards and Thanks
Qiu Ying


>
> - why are these two separate documents?
>
> regards,
> ryuji
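Added example, not part of the original message or of either draft: a sketch of the header-aware filtering the review asks about, walking the IPv6 extension header chain so that a type 2 routing header in front of a BA is not dropped along with every other routing header, with the "minimum" (BU/BA only) and "full" (all MH signaling) rule sets as a parameter. The function names, the policy in `decide` and the sample payloads are assumptions made for illustration; ESP-protected packets are reported as such rather than inspected.

```python
HOPOPT, ROUTING, ESP, DSTOPTS, MH = 0, 43, 50, 60, 135  # IPv6 Next Header values
HOME_ADDRESS_OPT = 201      # Home Address destination option (RFC 3775)
BU, BA = 5, 6               # Mobility Header types
MINIMUM_SET = {BU, BA}      # BU/BA only
FULL_SET = set(range(8))    # all MH types defined in RFC 3775

def has_option(opts, wanted):
    """Scan a Destination Options TLV area for one option type."""
    i = 0
    while i < len(opts):
        if opts[i] == 0:                    # Pad1: single byte, no length field
            i += 1
        elif opts[i] == wanted:
            return True
        elif i + 1 < len(opts):
            i += 2 + opts[i + 1]            # skip type, length and data
        else:
            return False
    return False

def walk(payload, next_header):
    """Return (has_hoa_option, routing_type, upper_protocol, mh_type)."""
    hoa, rh_type, mh_type, off = False, None, None, 0
    while next_header in (HOPOPT, ROUTING, DSTOPTS):
        if off + 8 > len(payload):
            raise ValueError("truncated extension header")
        following, size = payload[off], (payload[off + 1] + 1) * 8
        if off + size > len(payload):
            raise ValueError("extension header longer than packet")
        if next_header == ROUTING:
            rh_type = payload[off + 2]
        elif next_header == DSTOPTS:
            hoa = hoa or has_option(payload[off + 2:off + size], HOME_ADDRESS_OPT)
        next_header, off = following, off + size
    if next_header == MH and off + 3 <= len(payload):
        mh_type = payload[off + 2]          # third byte of the Mobility Header
    return hoa, rh_type, next_header, mh_type

def decide(payload, next_header, allowed):
    """Hypothetical policy: 'permit', 'drop', or 'esp' (inner header not parsed)."""
    _, rh_type, proto, mh_type = walk(payload, next_header)
    if proto == ESP:
        return "esp"
    if rh_type not in (None, 2):            # only the type 2 routing header is MIP6
        return "drop"
    return "permit" if proto == MH and mh_type in allowed else "drop"

# Constructed sample payloads (the bytes after the fixed 40-byte IPv6 header).
def mh(mh_type):
    return bytes([59, 1, mh_type, 0]) + bytes(12)
BU_PKT = bytes([MH, 2, 1, 2, 0, 0, HOME_ADDRESS_OPT, 16]) + bytes(16) + mh(BU)
BA_PKT = bytes([MH, 2, 2, 1]) + bytes(20) + mh(BA)
RH0_PKT = bytes([MH, 2, 0, 1]) + bytes(20) + mh(BA)
```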