[SAFE] RE: [tsv-area] BOF request under consideration: SAFE
"Dan Wing" <dwing@cisco.com> Tue, 09 October 2007 19:43 UTC
Return-path: <safe-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IfKz3-0002pP-ST; Tue, 09 Oct 2007 15:43:13 -0400
Received: from safe by megatron.ietf.org with local (Exim 4.43) id 1IfKz1-0002p9-Uk for safe-confirm+ok@megatron.ietf.org; Tue, 09 Oct 2007 15:43:11 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IfKyw-0002mw-QT; Tue, 09 Oct 2007 15:43:06 -0400
Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IfKyv-0001Jm-Cf; Tue, 09 Oct 2007 15:43:06 -0400
X-IronPort-AV: E=Sophos;i="4.21,250,1188802800"; d="scan'208";a="22354175"
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-1.cisco.com with ESMTP; 09 Oct 2007 12:43:04 -0700
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id l99Jh4er019627; Tue, 9 Oct 2007 12:43:04 -0700
Received: from dwingwxp01 ([10.32.240.195]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l99Jh4Zp019511; Tue, 9 Oct 2007 19:43:04 GMT
From: Dan Wing <dwing@cisco.com>
To: Black_David@emc.com
References: <470A480C.4040506@ericsson.com> <FF29F13E2D78C047B4B79F4E062D0363387938@CORPUSMX20A.corp.emc.com>
Date: Tue, 09 Oct 2007 12:43:04 -0700
Message-ID: <09ec01c80aac$9bf1d8f0$c3f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.3138
Thread-Index: AcgJvZ0rI60KpXPdQB6jKQIn8+/2ywADLx3QADhZ4oA=
In-Reply-To: <FF29F13E2D78C047B4B79F4E062D0363387938@CORPUSMX20A.corp.emc.com>
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=5586; t=1191958984; x=1192822984; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20RE=3A=20[tsv-area]=20BOF=20request=20under=20consideration=3A =20SAFE |Sender:=20; bh=ptBSOaM/rlBxIS+CVNNM7bcd+DAEiSUPFLr2Mnzfa80=; b=QF5RRcqNyihT4dlWgDxyqJB4KfRbu+BtHTH+J3FycLWqSBGc5GtpD2z8fPB4VoBG72ogAVXm XYGt88p/Ehlw+/rLDxSiR08Vh8o6ai1q0b47TFRuGoBs3FdF1rN9Y5eQ;
Authentication-Results: sj-dkim-2; header.From=dwing@cisco.com; dkim=pass (s ig from cisco.com/sjdkim2002 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 87a3f533bb300b99e2a18357f3c1563d
Cc: safe@ietf.org, tsv-area@ietf.org
Subject: [SAFE] RE: [tsv-area] BOF request under consideration: SAFE
X-BeenThere: safe@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Self-Address Fixing Evolution <safe.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/safe>
List-Post: <mailto:safe@ietf.org>
List-Help: <mailto:safe-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=subscribe>
Errors-To: safe-bounces@ietf.org
Hi, David. I am aware of IPsec-over-UDP (RFC3947, RFC3948), but I'm not sure how it applies in a comparison of MIDCOM, UPnP, NSIS-NSLP, NAT-PMP, and STUN/ICE. -d > -----Original Message----- > From: Black_David@emc.com [mailto:Black_David@emc.com] > Sent: Monday, October 08, 2007 9:52 AM > To: magnus.westerlund@ericsson.com; tsv-area@ietf.org; safe@ietf.org > Cc: Black_David@emc.com > Subject: RE: [tsv-area] BOF request under consideration: SAFE > > Magnus, > > IKE and IKEv2 NAT Traversal for IPsec (also widely deployed, e.g., > I believe my VPN client is using it to send this message ;-) ...) > are not on the list of related technologies. This might be an > omission, but I suspect that the (assumed) problem definition > for SAFE may exclude IPsec (e.g., IKE and IKEv2 have a different > security model for which a server like the STUN server may be > problematic). This should be clarified. > > Thanks, > --David > ---------------------------------------------------- > David L. Black, Senior Technologist > EMC Corporation, 176 South St., Hopkinton, MA 01748 > +1 (508) 293-7953 FAX: +1 (508) 293-7786 > black_david@emc.com Mobile: +1 (978) 394-7754 > ---------------------------------------------------- > > > -----Original Message----- > > From: Magnus Westerlund [mailto:magnus.westerlund@ericsson.com] > > Sent: Monday, October 08, 2007 11:09 AM > > To: TSV Area; Behave WG; mmusic (E-mail) > > Subject: [tsv-area] BOF request under consideration: SAFE > > > > Hi, > > > > We ADs have received a request for a BOF in Vancouver: SAFE - > > Self-Address Fixing Evolution. See description below. I would > appreciate > > any feedback on this. For public discussion please use the SAFE > mailing > > list. > > > > Post: safe@ietf.org > > Subscribe: https://www1.ietf.org/mailman/listinfo/safe > > > > Draft: > > > http://www.ietf.org/internet-drafts/draft-wing-behave-nat-cont > rol-stun-u > sage-03.txt > > > > > > SAFE - Self-Address Fixing Evolution > > ------------------------------------ > > > > Chairs: > > TBD > > > > > > ICE and its companion protocol STUN have been successfully > deployed on > > the Internet for NAT traversal. ICE and STUN have several > characteristics > > which contribute to their success: > > > > 1. incremental deployment. ICE and STUN are functional > without any > > modifications to existing NATs. > > 2. nested NATs. ICE and STUN work when there are multiple NATs > > between a host and the Internet. > > 3. topology unaware. ICE and STUN are not configured with > > information about NATs, firewalls, or their locations -- only > > with the IP address of a server on the Internet. > > 4. simple security model. If a host behind a NAT is > allowed to send > > a packet across the NAT, it is allowed to receive a response. > > 5. works on routed networks, which allows operation in both > > enterprise networks and home networks. > > > > Other NAT traversal protocols do not share these characteristics, > > which hinders their widespread deployment. Specifically, > > > > * incremental deployment is not possible with MIDCOM, NSIS-NSLP, > > UPnP, or Bonjour. With all of these protocols, both the NAT > > and the endpoint have to support the same protocol. > > * nested NATs are not possible with UPnP or Bonjour. > > * topology awareness is required of MIDCOM. > > * security must be established between the controlling entity > > and the NAT for MIDCOM and NSIS-NSLP. > > * Both UPnP and Bonjour use broadcast packets which don't work > > well on routed networks. > > > > However, a drawback of ICE/STUN is its chatty keepalive traffic, > > which is a result of STUN not knowing the binding lifetime of its > > on-path NATs. This chattiness causes a burden on servers and > > consumes network bandwidth, which is especially critical on wireless > > networks. It is desirable to reduce this chattiness while still > > retaining the important characteristics of STUN and ICE. > > > > This BoF is intended to discuss one proposed technique, > > draft-wing-behave-nat-control-stun-usage, which nearly eliminates > > STUN's keepalive chatter and still preserves the desirable > > characteristics of STUN/ICE. > > > > The purpose of this BoF is to create a working group for > this effort. > > > > > > Agenda: > > Introduction, Agenda .................................... 5 > > Summary of existing NAT traversal techniques ............ 40 > > (UPnP, NAT-PMP/Bonjour, MIDCOM techniques, NSIS-NSLP, ICE) > > draft-wing-behave-nat-control-stun-usage ................ 40 > > Q&A ..................................................... 25 > > ---------- > > total: 110 > > > > Cheers > > > > Magnus Westerlund > > > > IETF Transport Area Director & TSVWG Chair > > > ---------------------------------------------------------------------- > > Multimedia Technologies, Ericsson Research EAB/TVM/M > > > ---------------------------------------------------------------------- > > Ericsson AB | Phone +46 8 4048287 > > Torshamsgatan 23 | Fax +46 8 7575550 > > S-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com > > > ---------------------------------------------------------------------- > > > > > > > > _______________________________________________ SAFE mailing list SAFE@ietf.org https://www1.ietf.org/mailman/listinfo/safe
- [SAFE] RE: [tsv-area] BOF request under considera… Black_David
- [SAFE] RE: [tsv-area] BOF request under considera… Dan Wing
- [SAFE] RE: [tsv-area] BOF request under considera… Black_David
- [SAFE] RE: [tsv-area] BOF request under considera… Dan Wing
- RE: [SAFE] RE: [tsv-area] BOF request under consi… Markus.Isomaki
- [SAFE] RE: [BEHAVE] BOF request under considerati… Markus.Isomaki
- [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF request … Magnus Westerlund
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Dan Wing
- Re: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Rémi Denis-Courmont
- Re: [SAFE] RE: [BEHAVE] BOF request under conside… Philip Matthews
- Re: [SAFE] RE: [BEHAVE] BOF request under conside… Rémi Denis-Courmont
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Dan Wing
- RE: [SAFE] RE: [BEHAVE] BOF request under conside… Dan Wing
- Re: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Rémi Denis-Courmont
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Dan Wing
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Pekka Savola
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Markus.Isomaki
- RE: [SAFE] FW: [OPS-AREA] FW: [tsv-area] BOF requ… Dan Wing