IETF Logo Mail Archive

Re: [renum] I-D Action: draft-ietf-6renum-gap-analysis-03.txt

"Di Ma" <madi@cnnic.cn> Fri, 14 September 2012 03:00 UTC

Return-Path: <madi@cnnic.cn>
X-Original-To: renum@ietfa.amsl.com
Delivered-To: renum@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88B1721F863C for <renum@ietfa.amsl.com>; Thu, 13 Sep 2012 20:00:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.545
X-Spam-Level:
X-Spam-Status: No, score=-0.545 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SUPFJrSlG9OM for <renum@ietfa.amsl.com>; Thu, 13 Sep 2012 20:00:20 -0700 (PDT)
Received: from cnnic.cn (smtp.cnnic.cn [159.226.7.146]) by ietfa.amsl.com (Postfix) with SMTP id CA92221F8639 for <renum@ietf.org>; Thu, 13 Sep 2012 20:00:11 -0700 (PDT)
X-EYOUMAIL-SMTPAUTH: madi@cnnic.cn
Received: from unknown127.0.0.1 (HELO user-think) (127.0.0.1) by 127.0.0.1 with SMTP; Fri, 14 Sep 2012 11:00:07 +0800
Date: Fri, 14 Sep 2012 11:00:04 +0800
From: Di Ma <madi@cnnic.cn>
To: 蒋胜 <jiangsheng@huawei.com>
References: <20120904033758.18836.26105.idtracker@ietfa.amsl.com>, <5D36713D8A4E7348A7E10DF7437A4B9239F3A393@szxeml545-mbx.china.huawei.com>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.0.1.90[cn]
Mime-Version: 1.0
Message-ID: <201209141100044525538@cnnic.cn>
Content-Type: multipart/alternative; boundary="----=_001_NextPart172282378841_=----"
Cc: 6renum <renum@ietf.org>
Subject: Re: [renum] I-D Action: draft-ietf-6renum-gap-analysis-03.txt
X-BeenThere: renum@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: madi <madi@cnnic.cn>
List-Id: "Renumbering discussion mailing list." <renum.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/renum>, <mailto:renum-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/renum>
List-Post: <mailto:renum@ietf.org>
List-Help: <mailto:renum-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/renum>, <mailto:renum-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Sep 2012 03:00:21 -0000

I am in favor of moving forward this work. 
 
Yet as a document providing a basis for future works that identify and develop solutions or to stimulate such development as appropriate, this draft might make IPSec Security Association (SA) management included, considering IPSec SA is a kind of IP address oriented “connection” that cannot function after the change of the involved IP addresses, which means extra configuration of SA parameters is inevitable after network renumbering. 
 
So, I propose adding some words into this draft as Section 8.3 (IPSec SA Management), a sector of Section 8 (Miscellaneous), which is described as follows:
 
Network renumbering events get networking mechanisms that are bound to IP addresses, or applications using specific IP addresses, involved. As defined in [RFC4301], IPSec Security Association (SA), as a kind of IP address oriented “connection”, cannot function after the change of the involved IP addresses, which means extra configuration of SA parameters is inevitable after network renumbering. 
 
SA is a “connection” that provides security services to the traffic carried by it and details the key and algorithm that the IPSec connection relies on. SA can be established with manual configuration by the administrator. IKEv2 [RFC5996] eliminates manual reconfiguration. It employs two rounds of message exchanges. The first exchange of messages establishes a trust relationship between the two IKEv2 participants. This exchange uses two authentication methods, digital signature and pre-shared key. The digital signature method needs certificate management. If the participants are not configured with the same trust anchor, certificate-based IKEv2 cannot be realized. While the pre-shared key method is the simpler of the authentication methods for IKEv2 and pre-shared keys are tied to particular IP addresses, unlike public key certificates used by digital signature method. Pre-shared key method cannot be used with mobile systems or systems that may be renumbered, unless the renumbering is within the previously determined range of IP addresses. Also, when pre-shared key is employed, IKEv2 computations cannot be offloaded to the attached hardware. Therefore, pre-shared key method fails to be a pure automatic one and does not go well with network renumbering. A mechanism that is able to integrate SA management into IP address assignment in an automatic and an adaptive manner is desired to go with network renumbering.





Di Ma 
CNNIC Advanced Research Department
___________________________________________________
China Internet Network Information Center
Tel: (8610)-58813216
Https://www.cnnic.cn
Add: 4, South 4th Street, Zhongguancun
Haidian District, Beijing
P.R.China 100190
POB: Beijing 349, Branch 6
____________________________________________________

From: Sheng Jiang
Date: 2012-09-04 11:44
To: internet-drafts@ietf.org; i-d-announce@ietf.org
CC: renum@ietf.org
Subject: Re: [renum] I-D Action: draft-ietf-6renum-gap-analysis-03.txt
A new version with minor editorial modifications are submitted. Your review and comments are appreciated.

Best regards,

Sheng

>-----Original Message-----
>From: renum-bounces@ietf.org [mailto:renum-bounces@ietf.org] On Behalf
>Of internet-drafts@ietf.org
>Sent: Tuesday, September 04, 2012 11:38 AM
>To: i-d-announce@ietf.org
>Cc: renum@ietf.org
>Subject: [renum] I-D Action: draft-ietf-6renum-gap-analysis-03.txt
>
>
>A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the IPv6 Site Renumbering Working Group of the
>IETF.
>
> Title           : IPv6 Site Renumbering Gap Analysis
> Author(s)       : Bing Liu
>                          Sheng Jiang
>                          Brian Carpenter
>                          Stig Venaas
> Filename        : draft-ietf-6renum-gap-analysis-03.txt
> Pages           : 20
> Date            : 2012-09-03
>
>Abstract:
>   This document briefly introduces the existing mechanisms could be
>   utilized by IPv6 site renumbering and tries to cover most of the
>   explicit issues and requirements of IPv6 renumbering. Through the gap
>   analysis, the document provides a basis for future works that
>   identify and develop solutions or to stimulate such development as
>   appropriate. The gap analysis is presented following a renumbering
>   event procedure clue.
>
>
>
>
>The IETF datatracker status page for this draft is:
>https://datatracker.ietf.org/doc/draft-ietf-6renum-gap-analysis
>
>There's also a htmlized version available at:
>http://tools.ietf.org/html/draft-ietf-6renum-gap-analysis-03
>
>A diff from the previous version is available at:
>http://www.ietf.org/rfcdiff?url2=draft-ietf-6renum-gap-analysis-03
>
>
>Internet-Drafts are also available by anonymous FTP at:
>ftp://ftp.ietf.org/internet-drafts/
>
>_______________________________________________
>renum mailing list
>renum@ietf.org
>https://www.ietf.org/mailman/listinfo/renum
_______________________________________________
renum mailing list
renum@ietf.org
https://www.ietf.org/mailman/listinfo/renum

v2.23.0 | Report a Bug | By Email