[secdir] draft-ietf-behave-ftp64
Donald Eastlake <d3e3e3@gmail.com> Sun, 05 June 2011 20:44 UTC
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 05 Jun 2011 16:44:33 -0400
Message-ID: <BANLkTimw5qiP=-fLo4-GRQUYptFHvYxU3g@mail.gmail.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-behave-ftp64.all@tools.ietf.org

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft is about trying to secure access to IPv4 FTP servers from IPv6 clients. The results are not terribly encouraging but I find they are quite accurately described in the Security Considerations Section and I don't think you could do much better given a requirement to work with existing FTP servers.

I have a bit of a problem with the title ("An FTP ALG for IPv6-to-IPv4 translation") and the slant of some of the wording. It claims to be able to describe, as an Application Level Gateway, various recommendations which are then combined with a separate existing IPv6-to-IPv4 ALG. It talks about multiple ALGs being implemented at a single entity that are handling a single FTP session. This just all seems very odd to me as it isn't very clear what the interface between these different ALGs all somehow cooperating on one session is. I believe, in reality, anyone implementing this will take an existing ALG and modify it as suggested in the draft. The draft would therefore make more sense if written as suggested changes to a single ALG rather than as an additional ALG that is somehow compounded with an existing FTP ALG... Just my opinion.

Thanks,
Donald
=============================
Donald E. Eastlake 3rd
+1-508-333-2270 (cell)
155 Beaver Street
Milford, MA 01757 USA
d3e3e3@gmail.com