Re: [renum] Working Group Last Call: draft-ietf-6renum-gap-analysis-03.txt
RJ Atkinson <rja.lists@gmail.com> Wed, 19 September 2012 18:39 UTC
Return-Path: <rja.lists@gmail.com>
X-Original-To: renum@ietfa.amsl.com
Delivered-To: renum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64E4621F84C5 for <renum@ietfa.amsl.com>; Wed, 19 Sep 2012 11:39:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WAh7GH550whb for <renum@ietfa.amsl.com>; Wed, 19 Sep 2012 11:39:55 -0700 (PDT)
Received: from mail-qc0-f172.google.com (mail-qc0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id B1ABF21F843A for <renum@ietf.org>; Wed, 19 Sep 2012 11:39:55 -0700 (PDT)
Received: by qcac10 with SMTP id c10so1229662qca.31 for <renum@ietf.org>; Wed, 19 Sep 2012 11:39:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:date:message-id :to:mime-version:x-mailer; bh=DygS/PUjTZuaEucTwlPz5yjjuoIwcmPV9/avpavWwPc=; b=XZVFWq6rLBpuf5haAr+9FsXpQhfzbzbUILq5YHaJRZJaO0lLLzxdPXfZ235LxY0jVa Gtd0F60vUy/BD11vkp5db8M8Sg3M7M74oxg2qcD4r6XeAY6/vq/AFPEXuHxWJ7ZcdXmC OSn+7v2fuNGZErrdwyrKxGtZEYSKg4Dnuzo9roZEA7f/tn3jfF1BrzHJeRTtRw7z8dWG FvicZOzN1mxQmRzDVRu7rh4+VJkxjPo8Wc+38sOC4QAs/ppcAFU4It54UVZeSSekfT9a 8uO9EsfCdtZKZto184/TWT8wY19ubljUwmUs6snffRpBAzJWbHY2mB/ASWh8xTh+xHVc O34A==
Received: by 10.229.137.132 with SMTP id w4mr2528176qct.155.1348079995091; Wed, 19 Sep 2012 11:39:55 -0700 (PDT)
Received: from [10.30.20.13] (pool-74-110-100-136.nrflva.fios.verizon.net. [74.110.100.136]) by mx.google.com with ESMTPS id e5sm4888496qao.11.2012.09.19.11.39.52 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 19 Sep 2012 11:39:53 -0700 (PDT)
From: RJ Atkinson <rja.lists@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Date: Wed, 19 Sep 2012 14:39:51 -0400
Message-Id: <C89AB8B8-78B6-4482-9E34-5DE04B6C537D@gmail.com>
To: renum@ietf.org
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
Subject: Re: [renum] Working Group Last Call: draft-ietf-6renum-gap-analysis-03.txt
X-BeenThere: renum@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Renumbering discussion mailing list." <renum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/renum>, <mailto:renum-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/renum>
List-Post: <mailto:renum@ietf.org>
List-Help: <mailto:renum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/renum>, <mailto:renum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Sep 2012 18:39:56 -0000
>> Earlier, Marc Lampo wrote: >> One element is that in practice, not all devices "out there" >> (some very widely used) are not capable of defining the >> valid addresses on an IPSEC endpoint via DNS. (With a confused look on my face) I'm aware of numerous IPsec devices that do support the use of FQDNs, in addition to IP addresses, as IPsec SA endpoint identifiers. Multiple products (e.g. from Cisco, from Juniper [both JunOS and also ex-Netscreen products running ScreenOS], and other products from many suppliers) support this -- and have done for many many years now. In fact, I'm not aware of any IKEv1 or IKEv2 implementations that lack this, since it was in the very very early specifications for ISAKMP/IKE. However, in many cases, users don't seem to realise that the capability exists, which is partly why the capability was noted in RFC-5887 and is repeated here. An example of a "very widely used" IPsec implementation that can't do this would be informative, to me at least, if not on-list, then perhaps in a quick unicast email. Later, Brian Carpenter wrote: > True, that's an implementation and deployment gap, > not a protocol gap. All we can do in the IETF is document > this kind of gap, since we don't control implementations. Agreed. To the extent that some IPsec implementation(s) d(oes)n't comply with long-standing (well over a decade old) IETF specs, that issue is outside the scope of an IETF WG. However, the best information I have, and I've done some online checks today (without figuring out which item Marc is referring to), is that this capability is widely implemented and available -- albeit not so widely deployed. > Nothing works if people don't use the global DNS correctly, ... Agreed. Yours, Ran
- [renum] Working Group Last Call: draft-ietf-6renu… Howard, Lee
- Re: [renum] Working Group Last Call: draft-ietf-6… Fuyu (Eleven)
- Re: [renum] Working Group Last Call: draft-ietf-6… George, Wes
- Re: [renum] Working Group Last Call: draft-ietf-6… Brian E Carpenter
- Re: [renum] Working Group Last Call: draft-ietf-6… Liubing (Leo)
- Re: [renum] Working Group Last Call: draft-ietf-6… George, Wes
- Re: [renum] Working Group Last Call: draft-ietf-6… George, Wes
- Re: [renum] Working Group Last Call: draft-ietf-6… Marc Lampo
- Re: [renum] Working Group Last Call: draft-ietf-6… Brian E Carpenter
- Re: [renum] Working Group Last Call: draft-ietf-6… Liubing (Leo)
- Re: [renum] Working Group Last Call: draft-ietf-6… Liubing (Leo)
- Re: [renum] Working Group Last Call: draft-ietf-6… RJ Atkinson
- Re: [renum] Working Group Last Call: draft-ietf-6… Shane Amante