Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo-v4traversal-06.txt
"Dan Wing" <dwing@cisco.com> Wed, 17 December 2008 15:29 UTC
Return-Path: <mext-bounces@ietf.org>
X-Original-To: monami6-archive@megatron.ietf.org
Delivered-To: ietfarch-monami6-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id BE5A13A695E;
Wed, 17 Dec 2008 07:29:26 -0800 (PST)
X-Original-To: mext@core3.amsl.com
Delivered-To: mext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id CCDCC28C193;
Tue, 16 Dec 2008 13:33:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.593
X-Spam-Level:
X-Spam-Status: No, score=-6.593 tagged_above=-999 required=5
tests=[AWL=-0.006, BAYES_00=-2.599, GUARANTEED_100_PERCENT=0.012,
RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id l+m2ezXfdwmo; Tue, 16 Dec 2008 13:33:03 -0800 (PST)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87])
by core3.amsl.com (Postfix) with ESMTP id EFF0728C14E;
Tue, 16 Dec 2008 13:33:02 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.36,232,1228089600"; d="scan'208";a="56403944"
Received: from sj-dkim-2.cisco.com ([171.71.179.186])
by sj-iport-5.cisco.com with ESMTP; 16 Dec 2008 21:32:56 +0000
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237])
by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id mBGLWte0025133;
Tue, 16 Dec 2008 13:32:55 -0800
Received: from dwingwxp01 ([10.32.240.196])
by sj-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id mBGLWtwP012902;
Tue, 16 Dec 2008 21:32:55 GMT
From: "Dan Wing" <dwing@cisco.com>
To: "'Hesham Soliman'" <hesham@elevatemobile.com>,
"'Colin Perkins'" <csp@csperkins.org>
References: <5B953275-471A-40FF-B923-EB697AA96CA8@csperkins.org>
<C55A089B.A7D6%hesham@elevatemobile.com>
Date: Tue, 16 Dec 2008 13:32:55 -0800
Message-ID: <3cad01c95fc5$dbe9d2e0$c4f0200a@cisco.com>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <C55A089B.A7D6%hesham@elevatemobile.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
thread-index: AclToDehY9f7D5O2B0SDZCHZLI7C0gMJX5Pg
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2909; t=1229463176;
x=1230327176; c=relaxed/simple; s=sjdkim2002;
h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version;
d=cisco.com; i=dwing@cisco.com;
z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com>
|Subject:=20RE=3A=20tsv-dir=20review=20of=20draft-ietf-mext
-nemo-v4traversal-06.txt |Sender:=20;
bh=/HKdDckFLRnrJDUPuMQqsWkg3DhnKqSTDTzfys23lZE=;
b=1eWFPe5pQcpovdqx9bGK9YNPJh1lBtOxrRtgCEwyDG/fRBVcLvet7S7DY8
Ilbo3Oy9hQl4y0ZR0U99KyNcdSmMA1WceBTaiBZMj7QhpaxMHATkO8q1C+et
eMrlCe55Yt;
Authentication-Results: sj-dkim-2; header.From=dwing@cisco.com; dkim=pass (
sig from cisco.com/sjdkim2002 verified; );
X-Mailman-Approved-At: Wed, 17 Dec 2008 07:29:25 -0800
Cc: mext@ietf.org, ietf@ietf.org, 'TSV Dir' <tsv-dir@ietf.org>
Subject: Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo-v4traversal-06.txt
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>,
<mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>,
<mailto:mext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: mext-bounces@ietf.org
Errors-To: mext-bounces@ietf.org
> -----Original Message----- > From: ietf-bounces@ietf.org [mailto:ietf-bounces@ietf.org] On > Behalf Of Hesham Soliman > Sent: Monday, December 01, 2008 2:33 AM > To: Colin Perkins > Cc: TSV Dir; ietf@ietf.org; mext@ietf.org > Subject: Re: tsv-dir review of draft-ietf-mext-nemo-v4traversal-06.txt > > Thanks Colin, > > I agree with your rationale but I wonder if we need to > support every broken > device out there. In any case, if we have to, I prefer to > require encryption > than to add the XORED address option. I'd like to hear what > people in MEXT > think about this, comments from MEXT? (catching up on email after a long vacation; sorry for the delay.) FYI, Teredo also found NATs that meddled with IP addresses on 32 bit boundaries. From RFC4380, Other investigation in the behavior of NAT also outlined the "probabilistic rewrite" behavior. Some brands of NAT will examine all packets for "embedded addresses", IP addresses, and port numbers present in application payloads. They will systematically replace 32-bit values that match a local address by the corresponding mapped address. The Teredo specification includes an "obfuscation" procedure in order to avoid this behavior. -d > Hesham > > > On 1/12/08 9:13 PM, "Colin Perkins" <csp@csperkins.org> wrote: > > > On 1 Dec 2008, at 09:00, Hesham Soliman wrote: > >>>> => Well, I'm not sure how a NAT can do that. You mean > the NAT will > >>>> parse the binding update message deep inside the IPv6 extension > >>>> header in the inner IP packet? This is where the original address > >>>> is preserved. To do that, a NAT would have to understand the > >>>> various MIPv6 options, and if it did, it would know not to do > >>>> that :) The inner header is IPv6, so a NAT should not touch that. > >>> > >>> My understanding from the STUN work is that NATs have > been observed > >>> which rewrite any sequence of four aligned bytes matching > the source > >>> IP address, irrespective of its location within the > packet (section > >>> 15.2 of RFC 5389). > >> > >> => Sounds freightning! May be we need to mandate encryption and > >> hope that no 4-byte sequence matched the IP address? What do they > >> do with encrypted packets? How do they know they're encrypted? > > > > One would assume these broken devices will potentially corrupt > > encrypted packets, the same as they will potentially corrupt any > > other packet. Hiding the source address when it appears in the > > payload (either by encryption, or using some trivial obfuscation as > > does STUN) simply reduces the probability of such corruption so it's > > no longer 100% guaranteed that the payload will be mangled. > > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf _______________________________________________ MEXT mailing list MEXT@ietf.org https://www.ietf.org/mailman/listinfo/mext
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Hesham Soliman
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Colin Perkins
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Hesham Soliman
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Hesham Soliman
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Colin Perkins
- Re: [MEXT] [tsv-dir] tsv-dir review of draft-ietf… Magnus Westerlund
- Re: [MEXT] [tsv-dir] tsv-dir review of draft-ietf… Colin Perkins
- Re: [MEXT] [tsv-dir] tsv-dir review of draft-ietf… Matt Mathis
- Re: [MEXT] [tsv-dir] tsv-dir review of draft-ietf… Rémi Denis-Courmont
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Jari Arkko
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Colin Perkins
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Dan Wing