Re: [secdir] secdir review of draft-ietf-opsec-protect-control-plane-04
"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Tue, 14 December 2010 20:49 UTC
Joe,

Not the most authoritative source, granted, but I believe at the time we discussed this we checked Wikipedia (and not C J as precedence), at <http://en.wikipedia.org/wiki/RADIUS#UDP_port_numbers>, that says "The tradition of using 1645 and 1646 for backwards compatibility continues to this day", and with full context:

"However, prior to IANA allocation of ports 1812 and 1813, ports 1645 and 1646 (authentication and accounting, respectively) were used unofficially and became the default ports assigned by many RADIUS Client/Server implementations of the time. The tradition of using 1645 and 1646 for backwards compatibility continues to this day. For this reason many RADIUS Server implementations monitor both sets of UDP ports for RADIUS requests."

That said, I think that you can make a strong case for using the "proper" ones. We will make this change.

Thanks, Joe and Glen.

-- Carlos.

-----Original Message-----
From: Joe Abley [mailto:jabley@hopcount.ca]
Sent: Tuesday, December 14, 2010 11:55 AM
To: Carlos Pignataro (cpignata)
Cc: Glen Zorn; iesg@ietf.org; secdir@ietf.org; draft-ietf-opsec-protect-control-plane@tools.ietf.org; opsec-chairs@tools.ietf.org
Subject: Re: secdir review of draft-ietf-opsec-protect-control-plane-04

On 2010-12-14, at 11:43, Carlos Pignataro (cpignata) wrote:

> Please note that this was intentional, as a doc produced in Opsec we intended to make it as close to the operational reality we know as possible. And our perspective was that we see more 1645/1646.

I understand that's your perspective, which is entirely understandable given what cisco devices do by default, but I don't think it's necessarily the case that 1645/1646 are universally prevalent (at least, claims that it is ought to be balanced with some balanced, real-world observation).

I take your point that juniper devices accommodate the pre-standard ports as well as the IANA-assigned ones. There are more vendors in the world than just C and J, however.

I think pointing out that 1645/1646 are also used is perfectly valid, for the reasons of operational reality that you mention, but that the examples should use 1812/1813.

Joe