[secdir] [new-work] WG Review: Recharter of Behavior Engineering for Hindrance Avoidance (behave)

IESG Secretary <iesg-secretary@ietf.org> Mon, 23 August 2010 19:15 UTC


A modified charter has been submitted for the Behavior Engineering for
Hindrance Avoidance (behave) working group in the Transport Area of the
IETF.  The IESG has not made any determination as yet.  The modified
charter is provided below for informational purposes only.  Please send
your comments to the IESG mailing list (iesg@ietf.org) by Monday, August
30, 2010.

Behavior Engineering for Hindrance Avoidance (behave)
-----------------------------------------------------
v9, 2010-08-23

Current Status: Active Working Group

Chairs:
  Dan Wing <dwing@cisco.com>
  Dave Thaler <dthaler@microsoft.com>

Transport Area Director(s):
  David Harrington <ietfdbh@comcast.net>
  Lars Eggert <lars.eggert@nokia.com>

Transport Area Advisor:
  David Harrington <ietfdbh@comcast.net>

Mailing Lists:
  General Discussion: behave@ietf.org
  To Subscribe: behave-request@ietf.org
  In Body: subscribe
  Archive: http://www.ietf.org/mail-archive/web/behave

Description of Working Group:

The working group creates documents to enable NATs to function in as 
deterministic a fashion as possible.

To support deployments where communicating hosts must use different
address families (IPv4 or IPv6), address family translation is needed to
establish communication. In BEHAVE's specification work on this topic it
will coordinate with the V6ops WG on requirements and operational
considerations.

"An IPv4 network" or "an IPv6 network" in the descriptions below refers
to a network with a clearly identifiable administrative domain (e.g., an
enterprise campus network, a mobile operator's cellular network, a
residential subscriber network, etc.). That network is also the one that
deploys the equipment needed for translation.

BEHAVE will adopt additional work items to finish four scenarios:
an IPv6 network to the IPv4 Internet, the IPv6 Internet to an IPv4
network, an IPv6 network to an IPv4 network, and an IPv4 network to an
IPv6 network.  These additional work items include suggestions to
application developers to improve application interactions with
those translation scenarios.

The following scenario remains in scope for discussion, and new
milestones can be created to address this scenario:

* An IPv4 application running on an IPv6-only connected host to the
IPv6 Internet, i.e. perform translation between IPv4 and IPv6 for 
packets in uni- or bi-directional flows that are initiated from an 
IPv4 host towards an IPv6 host.  The translator function is embedded
in the IPv4 host.

The following scenarios remain in scope for discussion, but creating
new milestones will require re-chartering:

* An IPv4 network to IPv6 Internet, i.e. perform translation between
IPv4 and IPv6 for packets in uni- or bi-directional flows that are
initiated from an IPv4 host towards an IPv6 host. The translator
function is intended to service a specific IPv4 network using either
public or private IPv4 address space.

* IPv4 Internet to an IPv6 network, i.e. perform translation between
IPv4 and IPv6 for packets in uni- or bi-directional flows that are
initiated from an IPv4 host towards an IPv6 host. The translator
function is intended to service a specific IPv6 network where selected
IPv6 hosts and services are to be reachable.

* multicast translation, including control traffic (IGMP and MLD), 
Single Source Multicast (SSM) and Any Source Multicast (ASM).

All translation solutions shall be capable of handling flows using TCP,
UDP, DCCP, and SCTP, unless they prevent a timely completion of the work
item. The parts of ICMP that can be translated are also required to work
across a translation solution.  Additional protocols directly on top of
IP may be supported. Translation mechanisms must handle IP 
fragmentation.

Translation mechanisms cannot transparently support protocols that embed
network addresses within their protocol messages without application
level gateways (ALGs). Because ALGs have security issues (like blocking
usage of TLS), are error prone and brittle, and hinder application
development, the usage of ALGs in the defined translators should be
avoided.  Instead application developers will need to be aware and use
mechanisms that handle the address family translation.  ALGs may be
considered only for the most crucial of legacy applications.

Solutions may solve more than one of the cases, however timely delivery
is more important than a unified solution.

Goals and Milestones:

Done      Submit BCP that defines unicast UDP behavioral requirements
          for NATs to IESG
Done      Submit a BCP that defines TCP behavioral requirements for NATs
          to IESG
Done      Submit a BCP that defines ICMP behavioral requirements for
          NATs to IESG
Done      Submit informational that discusses current NAT traversal
          techniques used by applications
Done      Submit BCP that defines multicast UDP
Done      Submit revision of RFC 3489 to IESG
Done      Submit informational document for rfc3489bis test vectors
Done      Submit experimental document that describes how an application
          can determine the type of NAT it is behind
Done      Submit BCP document for DCCP NAT behavior
Done      Determine relative prioritization of the four translation
          cases. Documented in IETF74 minutes.
Done      Determine what solution(s) and components are needed to solve
          each of the four cases. Create new milestones for the
          solution(s) and the components. Documented in IETF74 minutes.
Done      Submit to IESG: relaying of a TCP bytestream (std)
Done      Submit to IESG: relay protocol (std)
Done      Submit to IESG: TURN-URI document (std)
Done      Submit to IESG: IPv6 relay protocol (std)
Done      Submit to IESG: framework for IPv6/IPv4 translation (info)
Done      Submit to IESG: stateless IPv6/IPv4 translation (std)
Done      Submit to IESG: stateful IPv6/IPv4 translation (std)
Done      Submit to IESG: DNS rewriting for IPv6/IPv4 translation (std)
Done      Submit to IESG: IPv6 prefix for IPv6/IPv4 translator (std)
Done      Determine need and scope of multicast 6/4 translation
Aug 2010  Submit to IESG: FTP ALG for IPv6/IPv4 translation (std)
Dec 2010  Submit to IESG: large scale NAT requirements (BCP)
Apr 2011  Submit to IESG: SCTP NAT behavior (BCP)
Dec 2010  Submit to IESG: Analysis of NAT-PT considerations with IPv6/
          IPv4 translation (info)
Dec 2010  Submit to IESG: avoiding NAT64 with dual-stack host for local
          networks (std)
Apr 2011  Submit to IESG: NAT64 load balancing (std/info)
Apr 2011  Submit to IESG: host-based NAT46 translation for IPv4-only
          applications to access IPv6-only servers (std)