Re: [savi] SAVI solution proposal from Jun Bi et al.
"Jun Bi" <junbi@cernet.edu.cn> Sun, 27 July 2008 22:15 UTC
From: Jun Bi <junbi@cernet.edu.cn>
To: Fred Baker <fred@cisco.com>, Christian Vogt <christian.vogt@nomadiclab.com>
Date: Sun, 27 Jul 2008 23:15:02 +0100
Cc: Guang Yao <yaog@netarchlab.tsinghua.edu.cn>, SAVI Mailing List <savi@ietf.org>

Hi All,

This is the latest version of the proposal, which I will present tomorrow:

http://www.ietf.org/internet-drafts/draft-bi-savi-csa-00.txt

Please give us your valuable comments. Thank you!

Best Regards,
Jun Bi

----- Original Message -----
From: "Fred Baker" <fred@cisco.com>
To: "Christian Vogt" <christian.vogt@nomadiclab.com>
Cc: "Guang Yao" <yaog@netarchlab.tsinghua.edu.cn>; "SAVI Mailing List" <savi@ietf.org>
Sent: Friday, July 18, 2008 8:45 PM
Subject: Re: [savi] SAVI solution proposal from Jun Bi et al.

> Gee. Could we get these things posted as internet drafts?
>
> On Jul 18, 2008, at 12:34 PM, Christian Vogt wrote:
>
>> I am forwarding to you a SAVI solution proposal from Jun Bi et
>> al., as well as a first review of this proposal from myself.
>> Reviews and comments from other folks are very welcome, of course.
>>
>> Kind regards,
>> - Christian
>>
>> Begin forwarded message:
>>
>>> From: Christian Vogt <christian.vogt@nomadiclab.com>
>>> Date: July 18, 2008 15:36:08 GMT+03:00
>>> To: Jun Bi <junbi@cernet.edu.cn>, Jianping Wu <jianping@cernet.edu.cn>,
>>> Guang Yao <yaog@netarchlab.tsinghua.edu.cn>
>>> Cc: Bill Fenner <fenner@fenron.com>, Jari Arkko <jari.arkko@piuha.net>
>>> Subject: Comments on Your SAVI Proposal
>>>
>>> Jun, Jianping, and Guang,
>>>
>>> thanks for working so quickly on this proposal. You should definitely
>>> present it at the SAVI session in Dublin. I have put you on the
>>> agenda.
>>>
>>> I must note, though, that the proposal is not fully compliant with the
>>> SAVI charter in two ways: (i) It requires host changes, which the
>>> SAVI charter prohibits, and (ii) it performs host authentication,
>>> which also goes beyond the SAVI charter. This means that there will
>>> likely be skeptical comments at the microphone to which you should be
>>> prepared.
>>>
>>> The prospective SAVI solution will have to effect a
>>> compromise between effectiveness (security) and non-intrusiveness (no
>>> false packet drops, backwards compatibility, small configuration
>>> overhead). Your proposal errs on the side of security in this
>>> trade-off space; Fred's proposal, for one, errs on the side
>>> of non-intrusiveness. I believe the prospective SAVI solution will
>>> lie between the two. In any case, it will have to lie within the
>>> charter limits.
>>>
>>> A comment of technical nature: Your proposal supports different
>>> address configuration methods (autonomous, DHCP, privacy, CGA,
>>> manual). In one of them, the DHCP case, you require a cryptographic
>>> binding between the initial address generation and the registration of
>>> this address with the SAVI enforcement point. You are doing this even
>>> at the cost of changing the DHCP protocol. Why is such a binding
>>> required in the DHCP case, and why not in other cases? Considered
>>> homogenizing this?
>>>
>>> - Christian
>>>
>>> On Jul 17, 2008, at 9:06, Jun Bi wrote:
>>>
>>>> Dear Jari and Christian,
>>>>
>>>> This is a draft we want to submit. Please give us some advice.
>>>>
>>>> Best Regards, Jun Bi
>>
>> <csa.txt>
>> _______________________________________________
>> savi mailing list
>> savi@ietf.org
>> https://www.ietf.org/mailman/listinfo/savi