Re: [OPSAWG] I-D Action: draft-gont-opsawg-firewalls-analysis-01.txt

Melinda Shore <melinda.shore@gmail.com> Mon, 19 October 2015 23:55 UTC

Message-ID: <562582EA.4030301@gmail.com>
Date: Mon, 19 Oct 2015 15:55:22 -0800
From: Melinda Shore <melinda.shore@gmail.com>
To: opsawg@ietf.org
References: <20151013134530.1812.97650.idtracker@ietfa.amsl.com> <56245AE1.405@gmail.com> <D24A9604.20C16%uri@ll.mit.edu> <20151019231628.CB57D3AC7EDB@rock.dv.isc.org>
In-Reply-To: <20151019231628.CB57D3AC7EDB@rock.dv.isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/opsawg/vBTkHWawh7eDbRY5Y4wbP14uBxI>

On 10/19/15 3:16 PM, Mark Andrews wrote:
> When one actually wants to use the capabilities we built into the
> protocol one then has to fight the firewalls even to get the packet
> delivered.  Cleaning out old/broken firewalls takes decades.

Right, but vendors do love their firewalls.  It can take an
inordinately long time to get IETF documents out (longer than
it takes to design and implement a product feature) and vendors
are likely to release products that break DNS before a firewalls
draft is done.

I've been watching this discussion and getting a strong sense
of déjà vu, and I think this is going to be a difficult document
to get through the IETF process.  It may be preferable, anyway,
to focus on a series of protocol- or application-specific
firewall problems documents - for example, to move a firewall
considerations for DNS document to dnsop.  It may be the only
way to get consensus about content.

Melinda