IETF Logo Mail Archive

[SAFE] RE: [tsv-area] BOF request under consideration: SAFE

Black_David@emc.com Tue, 09 October 2007 22:11 UTC

Return-path: <safe-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IfNIY-0007aW-8A; Tue, 09 Oct 2007 18:11:30 -0400
Received: from safe by megatron.ietf.org with local (Exim 4.43) id 1IfNIX-0007aH-RO for safe-confirm+ok@megatron.ietf.org; Tue, 09 Oct 2007 18:11:29 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IfNIX-0007YV-FQ; Tue, 09 Oct 2007 18:11:29 -0400
Received: from mexforward.lss.emc.com ([128.222.32.20]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IfNIM-0001Bo-M5; Tue, 09 Oct 2007 18:11:19 -0400
Received: from mailhub.lss.emc.com (uraeus.lss.emc.com [10.254.144.14]) by mexforward.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id l99MBE0B009466; Tue, 9 Oct 2007 18:11:14 -0400 (EDT)
Received: from corpussmtp2.corp.emc.com (corpussmtp2.corp.emc.com [128.221.14.146]) by mailhub.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id l99MB17t025456; Tue, 9 Oct 2007 18:11:11 -0400 (EDT)
From: Black_David@emc.com
Received: from CORPUSMX20A.corp.emc.com ([128.221.62.11]) by corpussmtp2.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 9 Oct 2007 18:10:54 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 09 Oct 2007 18:10:54 -0400
Message-ID: <FF29F13E2D78C047B4B79F4E062D0363387968@CORPUSMX20A.corp.emc.com>
In-Reply-To: <09ec01c80aac$9bf1d8f0$c3f0200a@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tsv-area] BOF request under consideration: SAFE
thread-index: AcgJvZ0rI60KpXPdQB6jKQIn8+/2ywADLx3QADhZ4oAABTDrAA==
References: <470A480C.4040506@ericsson.com> <FF29F13E2D78C047B4B79F4E062D0363387938@CORPUSMX20A.corp.emc.com> <09ec01c80aac$9bf1d8f0$c3f0200a@cisco.com>
To: dwing@cisco.com
X-OriginalArrivalTime: 09 Oct 2007 22:10:54.0971 (UTC) FILETIME=[430954B0:01C80AC1]
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.5.1.298604, Antispam-Data: 2007.8.30.51425
X-PerlMx-Spam: Gauge=, SPAM=0%, Reason='EMC_BODY_1+ -3, EMC_FROM_0+ -3, NO_REAL_NAME 0, __C230066_P5 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0'
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 2a76bcd37b1c8a21336eb0a1ea6bbf48
Cc: safe@ietf.org, tsv-area@ietf.org
Subject: [SAFE] RE: [tsv-area] BOF request under consideration: SAFE
X-BeenThere: safe@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Self-Address Fixing Evolution <safe.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/safe>
List-Post: <mailto:safe@ietf.org>
List-Help: <mailto:safe-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=subscribe>
Errors-To: safe-bounces@ietf.org

Dan,

Section 2.23 of RFC 4306 is also part of this technology.

I'm also not sure how any of this applies to the BoF.  The
BoF proposal should probably contain a few sentences to
say that IPsec NAT Traversal is a different problem,
including a brief explanation of why it's different, and
state that therefore it's outside the scope of the BoF.

Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

> -----Original Message-----
> From: Dan Wing [mailto:dwing@cisco.com] 
> Sent: Tuesday, October 09, 2007 3:43 PM
> To: Black, David
> Cc: magnus.westerlund@ericsson.com; tsv-area@ietf.org; safe@ietf.org
> Subject: RE: [tsv-area] BOF request under consideration: SAFE
> 
> Hi, David.  
> 
> I am aware of IPsec-over-UDP (RFC3947, RFC3948), but I'm not sure 
> how it applies in a comparison of MIDCOM, UPnP, NSIS-NSLP, 
> NAT-PMP, and STUN/ICE.
> 
> -d
> 
> 
> > -----Original Message-----
> > From: Black_David@emc.com [mailto:Black_David@emc.com] 
> > Sent: Monday, October 08, 2007 9:52 AM
> > To: magnus.westerlund@ericsson.com; tsv-area@ietf.org; safe@ietf.org
> > Cc: Black_David@emc.com
> > Subject: RE: [tsv-area] BOF request under consideration: SAFE
> > 
> > Magnus,
> > 
> > IKE and IKEv2 NAT Traversal for IPsec (also widely deployed, e.g.,
> > I believe my VPN client is using it to send this message ;-) ...)
> > are not on the list of related technologies.  This might be an
> > omission, but I suspect that the (assumed) problem definition
> > for SAFE may exclude IPsec (e.g., IKE and IKEv2 have a different
> > security model for which a server like the STUN server may be
> > problematic).  This should be clarified.
> > 
> > Thanks,
> > --David
> > ----------------------------------------------------
> > David L. Black, Senior Technologist
> > EMC Corporation, 176 South St., Hopkinton, MA  01748
> > +1 (508) 293-7953             FAX: +1 (508) 293-7786
> > black_david@emc.com        Mobile: +1 (978) 394-7754
> > ----------------------------------------------------
> > 
> > > -----Original Message-----
> > > From: Magnus Westerlund [mailto:magnus.westerlund@ericsson.com] 
> > > Sent: Monday, October 08, 2007 11:09 AM
> > > To: TSV Area; Behave WG; mmusic (E-mail)
> > > Subject: [tsv-area] BOF request under consideration: SAFE
> > > 
> > > Hi,
> > > 
> > > We ADs have received a request for a BOF in Vancouver: SAFE -
> > > Self-Address Fixing Evolution. See description below. I would
> > appreciate
> > > any feedback on this. For public discussion please use the SAFE
> > mailing
> > > list.
> > > 
> > > Post: safe@ietf.org
> > > Subscribe: https://www1.ietf.org/mailman/listinfo/safe
> > > 
> > > Draft:
> > >
> > http://www.ietf.org/internet-drafts/draft-wing-behave-nat-cont
> > rol-stun-u
> > sage-03.txt
> > > 
> > > 
> > > SAFE - Self-Address Fixing Evolution
> > > ------------------------------------
> > > 
> > > Chairs:
> > >   TBD
> > > 
> > > 
> > > ICE and its companion protocol STUN have been successfully 
> > deployed on
> > > the Internet for NAT traversal.  ICE and STUN have several
> > characteristics
> > > which contribute to their success:
> > > 
> > >   1. incremental deployment.  ICE and STUN are functional 
> > without any
> > >      modifications to existing NATs.
> > >   2. nested NATs.  ICE and STUN work when there are multiple NATs
> > >      between a host and the Internet.
> > >   3. topology unaware.  ICE and STUN are not configured with
> > >      information about NATs, firewalls, or their locations -- only
> > >      with the IP address of a server on the Internet.
> > >   4. simple security model.  If a host behind a NAT is 
> > allowed to send
> > >      a packet across the NAT, it is allowed to receive a response.
> > >   5. works on routed networks, which allows operation in both
> > >      enterprise networks and home networks.
> > > 
> > > Other NAT traversal protocols do not share these characteristics,
> > > which hinders their widespread deployment.  Specifically,
> > > 
> > >   * incremental deployment is not possible with MIDCOM, NSIS-NSLP,
> > >     UPnP, or Bonjour.  With all of these protocols, both the NAT
> > >     and the endpoint have to support the same protocol.
> > >   * nested NATs are not possible with UPnP or Bonjour.
> > >   * topology awareness is required of MIDCOM.
> > >   * security must be established between the controlling entity
> > >     and the NAT for MIDCOM and NSIS-NSLP.
> > >   * Both UPnP and Bonjour use broadcast packets which don't work
> > >     well on routed networks.
> > > 
> > > However, a drawback of ICE/STUN is its chatty keepalive traffic,
> > > which is a result of STUN not knowing the binding lifetime of its
> > > on-path NATs.  This chattiness causes a burden on servers and
> > > consumes network bandwidth, which is especially critical 
> on wireless
> > > networks.  It is desirable to reduce this chattiness while still
> > > retaining the important characteristics of STUN and ICE.
> > > 
> > > This BoF is intended to discuss one proposed technique,
> > > draft-wing-behave-nat-control-stun-usage, which nearly eliminates
> > > STUN's keepalive chatter and still preserves the desirable
> > > characteristics of STUN/ICE.
> > > 
> > > The purpose of this BoF is to create a working group for 
> > this effort.
> > > 
> > > 
> > > Agenda:
> > >   Introduction, Agenda ....................................  5
> > >   Summary of existing NAT traversal techniques ............ 40
> > >    (UPnP, NAT-PMP/Bonjour, MIDCOM techniques, NSIS-NSLP, ICE)
> > >   draft-wing-behave-nat-control-stun-usage ................ 40
> > >   Q&A ..................................................... 25
> > >                                                     ----------
> > >                                                     total: 110
> > > 
> > > Cheers
> > > 
> > > Magnus Westerlund
> > > 
> > > IETF Transport Area Director & TSVWG Chair
> > > 
> > 
> ----------------------------------------------------------------------
> > > Multimedia Technologies, Ericsson Research EAB/TVM/M
> > > 
> > 
> ----------------------------------------------------------------------
> > > Ericsson AB                | Phone +46 8 4048287
> > > Torshamsgatan 23           | Fax   +46 8 7575550
> > > S-164 80 Stockholm, Sweden | mailto: 
> magnus.westerlund@ericsson.com
> > > 
> > 
> ----------------------------------------------------------------------
> > > 
> > > 
> > > 
> > > 
> 
> 


_______________________________________________
SAFE mailing list
SAFE@ietf.org
https://www1.ietf.org/mailman/listinfo/safe

v2.23.0 | Report a Bug | By Email