Re: [MEXT] firewall docs review
RYUJI WAKIKAWA <ryuji.wakikawa@gmail.com> Tue, 19 February 2008 03:01 UTC
From: RYUJI WAKIKAWA <ryuji.wakikawa@gmail.com>
To: QIU Ying <qiuying@i2r.a-star.edu.sg>
Date: Tue, 19 Feb 2008 12:00:55 +0900
Cc: mext@ietf.org
Subject: Re: [MEXT] firewall docs review

Hi, Qiu

On 2008/02/18, at 19:57, QIU Ying wrote:

> Hi, Ryuji
>
> Thanks for your comments. My response is inline.
>
> ----- Original Message ----- "RYUJI WAKIKAWA" wrote
>
>> Hi Suresh and authors,
>>
>> I was asked to review draft-krishnan-mip6-firewall-admin-02 and
>> draft-krishnan-mip6-firewall-vendor-02.
>>
>> - Can current filtering mechanism check the IP options field?!
>
> No. Current firewall filter does not support checking the IP options
> field.

It's up to the implementation, isn't it?
I can easily set up a firewall with a PC which can check the IP options...
Which firewall products are you assuming?
Are there substantial reasons to say NO here?

>
>> If yes, the document should mention which IP options appear
>> for which packets.
>> An example is DST Opt for BU and RTHDR for BA.
>> Otherwise, the operator might just block all the packets having
>> RTHDR option regardless of BA.
>>
>> For example, in section 3.1 of draft-admin,
>>     Destination Address: Address of HA
>>                          <-- adding Dest option (HoA option)?
>>     Next Header: 50 (ESP)
>>     Mobility Header Type: 5 (BU)
>
> For draft-admin, whose purpose is BCP, we could not solicit the
> function here. But we could provide the filter in draft-vendor.
>
>>
>> - missing authentication option and DSMIP support?
>> DSMIP will introduce much complexity to firewall setup.
>
> The target of these two drafts is to make MIP6 signalling pass
> through the firewalls. So, in my opinion, the issue of
> authentication and DSMIP might be out of the scope.

DSMIP seems to be adapted to many deployment cases. Why not :-)

ryuji

>>
>> - RO is optional in RFC3775. I am not sure you can treat
>> RO signaling the same as the BU/BA for firewall filters setup.
>> It might be good if you provide the minimum set of rules (BU/BA only)
>> and the full set of rules (All MH signaling).
>
> Good comments.
>
> Regards and Thanks
> Qiu Ying
>
>>
>> - why are these two separate documents?
>>
>> regards,
>> ryuji
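
Added example, not part of the original message or of the drafts under review: a filter that walks the IPv6 extension-header chain, so a BA carrying a type 2 routing header is accepted while other routing types are dropped, with the "minimum" (BU/BA only) and "full" (all MH signaling) rule sets from the thread. The names walk, decide, blanket_rthdr_block and POLICY are hypothetical; the packets are constructed, use zeroed addresses and checksums, and omit ESP.

```python
import struct

EXT = {0: "HBH", 43: "RTHDR", 60: "DSTOPT"}  # headers sharing the (next hdr, ext len) layout
MH = 135                                     # Mobility Header protocol number (RFC 3775)
MH_NAMES = {0: "BRR", 1: "HoTI", 2: "CoTI", 3: "HoT", 4: "CoT", 5: "BU", 6: "BA", 7: "BE"}
POLICY = {"minimum": {5, 6}, "full": set(MH_NAMES)}  # BU/BA only vs. all MH signaling

def walk(packet):
    """Return (extension headers seen, routing type or None, MH type or None)."""
    nxt, off, seen, rtype = packet[6], 40, [], None
    while nxt in EXT and off + 8 <= len(packet):
        seen.append(EXT[nxt])
        if nxt == 43:
            rtype = packet[off + 2]          # Routing Type field
        # length is in 8-octet units, not counting the first 8 octets
        nxt, off = packet[off], off + (packet[off + 1] + 1) * 8
    # Anything else (e.g. ESP, 50) ends the walk: its payload is not inspected here.
    mh_type = packet[off + 2] if nxt == MH and off + 3 <= len(packet) else None
    return seen, rtype, mh_type

def decide(packet, policy):
    """Accept MH signaling allowed by the policy; tolerate only routing type 2."""
    _, rtype, mh_type = walk(packet)
    if rtype is not None and rtype != 2:
        return "drop"
    return "accept" if mh_type in POLICY[policy] else "drop"

def blanket_rthdr_block(packet):
    """The over-broad rule raised in the review: drop anything with a routing header."""
    return "RTHDR" in walk(packet)[0]

# --- constructed sample packets -------------------------------------------
def ipv6(nxt, payload):
    return struct.pack("!IHBB", 6 << 28, len(payload), nxt, 64) + bytes(32) + payload

HOA = bytes(16)                              # placeholder home address
PAD4 = b"\x01\x02\x00\x00"                   # PadN option, 4 octets in total

def mh(mh_type):                             # 16-octet Mobility Header, payload proto 59
    return bytes([59, 1, mh_type, 0, 0, 0]) + bytes(6) + PAD4

BU = ipv6(60, bytes([MH, 2]) + PAD4 + b"\xc9\x10" + HOA + mh(5))  # DSTOPT (HoA option) + BU
BA = ipv6(43, bytes([MH, 2, 2, 1]) + bytes(4) + HOA + mh(6))      # RTHDR type 2 + BA
HOTI = ipv6(MH, mh(1))                                            # RO signaling, no ext hdr
RH0 = ipv6(43, bytes([MH, 2, 0, 1]) + bytes(4) + HOA + mh(6))     # routing type 0

if __name__ == "__main__":
    for name, pkt in [("BU", BU), ("BA", BA), ("HoTI", HOTI), ("RH0", RH0)]:
        print(name, walk(pkt), decide(pkt, "minimum"), decide(pkt, "full"))
```

The BA is accepted by decide() under both policies, while blanket_rthdr_block() would discard it; HoTI passes only under the "full" set.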