RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF request under consideration: SAFE

"Dan Wing" <dwing@cisco.com> Mon, 15 October 2007 15:31 UTC

From: Dan Wing <dwing@cisco.com>
To: 'Rémi Denis-Courmont' <remi.denis-courmont@nokia.com>
References: <470E262B.1080505@ericsson.com> <200710121159.41676.remi.denis-courmont@nokia.com> <0dfa01c80cf3$89063210$c3f0200a@cisco.com> <200710151638.28827.remi.denis-courmont@nokia.com>
Subject: RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF request under consideration: SAFE
Date: Mon, 15 Oct 2007 08:30:46 -0700
Message-ID: <14cd01c80f40$5bd35800$c3f0200a@cisco.com>
Cc: safe@ietf.org
List-Id: Self-Address Fixing Evolution <safe.ietf.org>

> On Friday 12 October 2007 20:15:48 ext Dan Wing, you wrote:
> > But, thinking aloud:  after Teredo qualification the Teredo client
> > could send a STUN packet to a STUN server (running on the same host
> > it ran its Teredo qualification against), and get that STUN packet
> > tagged.  So long as the UDP packets to those different UDP ports
> > were routed the same, the same firewalls would be traversed.
> 
> Yes, but that adds a dependency on an otherwise not needed 
> server only for the sake of STUN control.

Right; but I don't know if that's harder than multiplexing the same
code on UDP/500 or UDP/4500, though.  My worry about IKE is that
the IP address hashing was done on purpose, and I don't know what
that purpose was.  Learning your public IP address (and UDP port)
must have been considered sensitive information to some; of course
the various tell-me-my-address services on the Internet make that
a moot argument.

I agree putting the STUN server on the same port as IKE would be 
best.

-d
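The hashing Dan refers to is IKE's NAT detection payload, which carries HASH(CKY-I | CKY-R | IP | Port) (RFC 3947 NAT-D; IKEv2's NAT_DETECTION_*_IP uses SHA-1 over the SPIs, address and port). The example below is added here and is not part of the thread; it contrasts the receiver-side hash comparison, which tells a peer only "NAT or no NAT", with STUN reflecting the mapped address back to the client. Cookies and addresses are constructed values, and SHA-1 stands in for the hash negotiated on the IKE SA.

```python
import hashlib
import ipaddress
import struct


def natd_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port).

    IKEv1 uses the hash negotiated for the SA; SHA-1 is assumed here
    (it is the fixed choice in IKEv2's NAT_DETECTION payloads).
    """
    addr = ipaddress.ip_address(ip).packed          # network-order address bytes
    return hashlib.sha1(cky_i + cky_r + addr + struct.pack("!H", port)).digest()


def ike_nat_detected(cky_i: bytes, cky_r: bytes, claimed_natd: bytes,
                     observed_ip: str, observed_port: int) -> bool:
    """Responder side: hash what actually arrived on the wire and compare.

    The peer sent a hash of the address it believes it has; if a NAT rewrote
    the packet the recomputed hash differs.  Nothing about the public address
    ever travels back to the sender in this exchange.
    """
    return natd_hash(cky_i, cky_r, observed_ip, observed_port) != claimed_natd


def stun_reflect(observed_ip: str, observed_port: int) -> tuple[str, int]:
    """STUN side: the server simply returns the mapped address and port."""
    return observed_ip, observed_port


# Constructed sample values (documentation addresses, arbitrary cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
PRIVATE = ("192.0.2.10", 500)      # the initiator's own view of itself
PUBLIC = ("203.0.113.7", 41000)    # what the responder sees after the NAT


def demo() -> tuple[bool, bool, tuple[str, int]]:
    natd = natd_hash(CKY_I, CKY_R, *PRIVATE)
    behind_nat = ike_nat_detected(CKY_I, CKY_R, natd, *PUBLIC)   # True
    no_nat = ike_nat_detected(CKY_I, CKY_R, natd, *PRIVATE)      # False
    return behind_nat, no_nat, stun_reflect(*PUBLIC)


if __name__ == "__main__":
    print(demo())
```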


_______________________________________________
SAFE mailing list
SAFE@ietf.org
https://www1.ietf.org/mailman/listinfo/safe