RE: [midcom] Basic question about SAFENeT I-D
"Townsend, Richard L, JR (Rick)" <rltownsend@lucent.com> Tue, 02 August 2005 14:51 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Dzy6t-0001uV-4V; Tue, 02 Aug 2005 10:51:15 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Dzy6r-0001t1-S8 for midcom@megatron.ietf.org; Tue, 02 Aug 2005 10:51:13 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA25678 for <midcom@ietf.org>; Tue, 2 Aug 2005 10:51:10 -0400 (EDT)
Received: from hoemail2.lucent.com ([192.11.226.163]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1DzydL-0003YW-Lf for midcom@ietf.org; Tue, 02 Aug 2005 11:24:48 -0400
Received: from nj7460exch002h.wins.lucent.com (h135-17-42-35.lucent.com [135.17.42.35]) by hoemail2.lucent.com (8.12.11/8.12.11) with ESMTP id j72Ep8Z9027545; Tue, 2 Aug 2005 09:51:08 -0500 (CDT)
Received: by nj7460exch002h.ho.lucent.com with Internet Mail Service (5.5.2657.72) id <L37Y2ZR6>; Tue, 2 Aug 2005 10:51:08 -0400
Message-ID: <1B8C2E08B21B8743A2B3AED07407DA760975FE5B@nj7460exch002u.ho.lucent.com>
From: "Townsend, Richard L, JR (Rick)" <rltownsend@lucent.com>
To: 'Juergen Quittek' <quittek@netlab.nec.de>, Martin Stiemerling <stiemerling@netlab.nec.de>, midcom@ietf.org
Subject: RE: [midcom] Basic question about SAFENeT I-D
Date: Tue, 02 Aug 2005 10:51:07 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain; charset="iso-8859-1"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 34d35111647d654d033d58d318c0d21a
Cc:
X-BeenThere: midcom@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: midcom.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/midcom>, <mailto:midcom-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:midcom@ietf.org>
List-Help: <mailto:midcom-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/midcom>, <mailto:midcom-request@ietf.org?subject=subscribe>
Sender: midcom-bounces@ietf.org
Errors-To: midcom-bounces@ietf.org
Hi Juergen and Martin, Sorry to take so long getting back to you but I've been working an issue with my boss in another standards body. I took the opportunity over the past week to talk and develop a better understanding of where MIDCOM is in their decision process. Back to that in a minute. First let me address your questions. I put together a couple of slides last week that I can share with you. Slide 1: Assumptions for SAFENeT Optimized for enterprise environment with respect to security and performance Call Server owned by enterprise SIP-based, system supports S/MIME TLS using mutually authenticated certification for secure message exchange NAT vendors may implement their devices however they see fit, i.e., SAFENeT is not restricted in the type of NAT. Slide 2: Side by side comparison of SIMCO and SAFENeT SIMCO SAFENeT Target customer General, comprehensive Optimized for enterprise Call server ownership Call server could be owned by anybody Call server owned by enterprise Protocol binary ASCII Message transmittal - server to NAT/FW IPsec potentially across public realm TLS within enterprise (maybe with a shared key) Performance One message/command Assert better than current draft regarding traffic volume Versatility Could be extended to address Offers opportunity to address issues such as QoS Simplicity Binary is better ASCII addresses enterprise market so inexpensive is not an issue Explaining the advantages of SAFENeT in the table: Advantages of SAFENeT: Addresses higher level of security for those enterprises requiring it. Enterprise ownership of call server lowers risk of security attack, i.e., SIMCO uses messages to server to initiate NAT/FW actions remember, server could be within enterprise Protocol offers more functionality such as setting QoS parameters. Easier to establish/coordinate rules between server and NAT/FW, i.e., administered by same enterprise IT group. Protocol for reservation lowers traffic volume with more control given to the (enterprise owned) call server, i.e., can reserve in blocks. ************************** Having stated that let me state what I believe (and I could be wrong) what the status in MIDCOM is. The group has done and published an RFC on protocol evaluation (RFC 4097) and in that analysis, SNMP came out the winner. It may need some simple extensions but it is the best of the group. The people I talked with believe SIMCO is on a track towards Experimental RFC. The IESG rules allow more than one Experimental RFC from a group. I now realize that with RFC 4097, my goal of SAFENeT becoming an RFC is either premature, unrealizable, or both. So let me take a more realistic position and note that, given the advantages I see as noted above, SAFENeT should be offered as being on an Experimental RFC track too. While others may not see or agree with the advantages I see, we do have a client who does, one who looks on security as uppermost. Let me add that I see nothing wrong with SIMCO nor the decision by th egroup on SNMP. I just see an advantage for a simpler, higher performance and more secure spec on which to build a product (and restricts some of its messaging in the provision process); and yes, it gives up something concerning the comprehensive nature of the others. I hope the above clarifies my position. I'll be in BEHAVE and MSEC this afternoon although there isn't much time after either of those. Would meeting after PKI4IPSEC be better? I could stay in the room after to be easier to find. Rick -----Original Message----- From: Juergen Quittek [mailto:quittek@netlab.nec.de] Sent: Tuesday, August 02, 2005 6:07 AM To: Martin Stiemerling; Townsend, Richard L, JR (Rick); midcom@ietf.org Subject: Re: [midcom] Basic question about SAFENeT I-D --On 8/2/2005 11:52 AM +0200 Martin Stiemerling wrote: > Hi Rick, > > I'm re-reading the SAFENeT I-D and have a basic question. It is about > Section 2.4 "The MIDCOM and NSIS Solutions". You say this section is > describes existing solutions on middlebox traversal and configuration. > After reading it again, I still miss a reference to any already > available/existing that refers to a MIDCOM-type solution. How about > the FCP of Jiri Kuthan, MIDCOM MIB, or SIMCO? > > The solution described in Section 4.4 "Details of SAFENeT UA Communication > Protocol (SUCP)" will fit to SIPPING working group and not MIDCOM. If not > specified there, or in the SIP working group, already. > > I would like to see a clarification on this before we can meet > face to face. A meeting would be a great opportunity for clarifying this and other issues. Rick, when would you be available? Thanks, Juergen _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom
- [midcom] Basic question about SAFENeT I-D Martin Stiemerling
- Re: [midcom] Basic question about SAFENeT I-D Juergen Quittek
- RE: [midcom] Basic question about SAFENeT I-D Townsend, Richard L, JR (Rick)
- RE: [midcom] Basic question about SAFENeT I-D Juergen Quittek