Re: [savi] AD review of draft-ietf-savi-fcfs
Alberto García <alberto@it.uc3m.es> Fri, 14 October 2011 15:26 UTC
Return-Path: <alberto@it.uc3m.es>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0715821F8AB0 for <savi@ietfa.amsl.com>; Fri, 14 Oct 2011 08:26:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level:
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NKOc1K5ASXAc for <savi@ietfa.amsl.com>; Fri, 14 Oct 2011 08:26:15 -0700 (PDT)
Received: from smtp01.uc3m.es (smtp01.uc3m.es [163.117.176.131]) by ietfa.amsl.com (Postfix) with ESMTP id B004B21F850E for <savi@ietf.org>; Fri, 14 Oct 2011 08:26:10 -0700 (PDT)
X-uc3m-safe: yes
Received: from BOMBO (unknown [163.117.139.230]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp01.uc3m.es (Postfix) with ESMTP id 0F2D7BDE826; Fri, 14 Oct 2011 17:26:09 +0200 (CEST)
From: Alberto García <alberto@it.uc3m.es>
To: 'Jean-Michel Combes' <jeanmichel.combes@gmail.com>, 'marcelo bagnulo braun' <marcelo@it.uc3m.es>
References: <4DC19DD5.4040209@piuha.net> <4E970019.4000806@it.uc3m.es> <CAA7e52pG7cOyTVUsiPc-W+xusEcKAOzo2MGRnNkno4YoY_zLhA@mail.gmail.com> <CAA7e52o2bOuvS2M-t8z7febN0pV0MPtLBYMgSwVxUierrzBmPw@mail.gmail.com>
In-Reply-To: <CAA7e52o2bOuvS2M-t8z7febN0pV0MPtLBYMgSwVxUierrzBmPw@mail.gmail.com>
Date: Fri, 14 Oct 2011 17:26:13 +0200
Message-ID: <003201cc8a85$9b8fae70$d2af0b50$@it.uc3m.es>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQKMzFUNohsg9HH2F3agzHLZg/XH+QHN8pSdAcSnv+wAXbdLC5Pb6G+w
Content-Language: es
X-TM-AS-Product-Ver: IMSS-7.0.0.3116-6.8.0.1017-18450.000
Cc: draft-ietf-savi-fcfs@tools.ietf.org, 'SAVI Mailing List' <savi@ietf.org>
Subject: Re: [savi] AD review of draft-ietf-savi-fcfs
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2011 15:26:16 -0000
Hi | -----Mensaje original----- | De: savi-bounces@ietf.org [mailto:savi-bounces@ietf.org] En nombre de | Jean-Michel Combes | Enviado el: jueves, 13 de octubre de 2011 17:57 | Para: marcelo bagnulo braun | CC: draft-ietf-savi-fcfs@tools.ietf.org; SAVI Mailing List | Asunto: Re: [savi] AD review of draft-ietf-savi-fcfs | | Sorry, in fact, proxy SEND checks validity of SENDized ND exchanges (draft- | ietf-csi-proxy-send-05, section 5.2.1, 1.B). So, proxy SEND could be used but: | - proxy SEND requires hosts, in the network, are compliant with proxy SEND Yes. We should assume the following scenario (scenario #1): a link in which all receivers are capable of processing proxy SEND messages (aka 'SPND nodes'), and nodes either generate SEND or Proxy SEND messages. | - proxy SEND is not "transparent" and so SAVI device will lose its | "invisibility" feature I don't understand this. Maybe you are thinking about a different deployment scenario to the one I commented above, an alternative way of 'mixing' SAVI and proxy SEND, in which SAVI devices would act as Proxy SEND devices for non-SEND nodes (scenario #2). I think this is a bad idea, because it provides without reason the same confidence to SEND and non-SEND devices, and I'm sure that this is not what we want to do. In the examples shown in the Proxy SEND draft, there is a strong security link between the Proxy SEND device and the proxied nodes. | - proxy SEND requires many actions (certificate management, IP packet | modification, etc) and I am not sure that SAVI device will be able to do this | as in common use cases the SAVI device is a L2 device. In scenario #1, SAVI devices only validate Proxy SEND messages. They only need to have the same capabilities of SPND nodes. So this features you comment are not needed. I think adding proxy SEND validation to SEND SAVI would be quite simple, and without much trouble. Makes sense? If the answer is 'yes', then - I could add some comment on Proxy SEND in the SEND SAVI document - A line in the fcfs-savi document such as the current 'So, when SEND is deployed, it is recommended to use SEND SAVI' (or could be also this alternative text 'So, when SEND or Proxy SEND is deployed, it is recommended to use SEND SAVI') sounds ok to me. Regards, Alberto | - proxy SEND would need an API with FCFS SAVI | | Best regards. | | JMC. | | 2011/10/13 Jean-Michel Combes <jeanmichel.combes@gmail.com>: | > Hi, | > | > 2011/10/13 marcelo bagnulo braun <marcelo@it.uc3m.es>: | >> Hi Jari, | >> | >> Please find the replies below marked with MB> | >> | >> | >> El 04/05/11 20:41, Jari Arkko escribió: | >>> | > | > [snip] | > | >> | >>>> So, when SEND is deployed, it is recommended to use SEND SAVI | >>>> [I-D.ietf-savi-send | >>>> <http://tools.ietf.org/html/draft-ietf-savi-fcfs-09#ref-I-D.ietf-sa | >>>> vi-send>] | >>>> rather than FCFS SAVI." | >>> | >>> Is there some reason why proxy SEND cannot be employed here? | >>> | >> | >> MB> I will let Alberto to reply this one. | > | > This text comes from my review as shepherd of this document. | > | > As proxy SEND doesn't permit to check the validity of SENDized ND | > exchanges, IMHO, proxy SEND cannot be used easily. | > | > Best regards. | > | > JMC. | > | >> | >> Regards, marcelo | >> | >> | >>> Jari | >>> | >>> | >> | >> | >> _______________________________________________ | >> savi mailing list | >> savi@ietf.org | >> https://www.ietf.org/mailman/listinfo/savi | >> | > | _______________________________________________ | savi mailing list | savi@ietf.org | https://www.ietf.org/mailman/listinfo/savi
- [savi] AD review of draft-ietf-savi-fcfs Jari Arkko
- Re: [savi] AD review of draft-ietf-savi-fcfs Erik Nordmark
- Re: [savi] AD review of draft-ietf-savi-fcfs Jari Arkko
- Re: [savi] AD review of draft-ietf-savi-fcfs Erik Nordmark
- Re: [savi] AD review of draft-ietf-savi-fcfs marcelo bagnulo braun
- Re: [savi] AD review of draft-ietf-savi-fcfs Jean-Michel Combes
- Re: [savi] AD review of draft-ietf-savi-fcfs Jean-Michel Combes
- Re: [savi] AD review of draft-ietf-savi-fcfs Alberto García
- Re: [savi] AD review of draft-ietf-savi-fcfs Jean-Michel Combes