Re: [sidr] draft-sidr-rpki-rtr
Joe Touch <touch@isi.edu> Mon, 15 August 2011 16:50 UTC
Return-Path: <touch@isi.edu>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D89221F8C64 for <sidr@ietfa.amsl.com>; Mon, 15 Aug 2011 09:50:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.985
X-Spam-Level:
X-Spam-Status: No, score=-102.985 tagged_above=-999 required=5 tests=[AWL=-0.986, BAYES_00=-2.599, J_CHICKENPOX_15=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2b9niKM4gzqV for <sidr@ietfa.amsl.com>; Mon, 15 Aug 2011 09:50:55 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by ietfa.amsl.com (Postfix) with ESMTP id 9DA5D21F8C61 for <sidr@ietf.org>; Mon, 15 Aug 2011 09:50:55 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id p7FGp7Go000626 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 15 Aug 2011 09:51:07 -0700 (PDT)
Message-ID: <4E494E7B.3050809@isi.edu>
Date: Mon, 15 Aug 2011 09:51:07 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: "t.petch" <ietfc@btconnect.com>
References: <4DAF44AC.8060408@isi.edu><E3076C4C-F27C-40A8-A033-2EBB8C39A3D2@cisco.com><4DAF796C.7010807@isi.edu><BANLkTi=Oc-fEKOYCRQqM97wPxSSXjrdTRw@mail.gmail.com><409BDC5C-FE86-444A-BC0D-6DA00E7BF0F3@isi.edu><BANLkTikLi2p7UipJ!TRSQqVOL6GkLn=j9iA@mail.gmail.com><F0FABE61-FC1D-45ED-A21D-ED7A1228A997@isi.edu><01eb01cc0325$6e4fd260$4001a8c0@gateway.2wire.net><4DB592B3.3090805@isi.edu><033e01cc05a8$0a82f160$4001a8c0@gateway.2wire.net><4DB9A456.3060709@isi.edu><BANLkTikg18FV5H0bOdOfWMzpTcm_B__EVQ@mail.gmail.com><017b01cc13ff$0cb6da40$4001a8c0@gateway.2wire.net><BANLkTink82qvhge6rRhqt5+h-2mEkKBMhA@mail.gmail.com><m21uzwr3tw.wl%randy@psg.com> <BANLkTimPnMfE1ii=6uwAckoFY0yUU=w43g@mail.gmail.com> <011701cc58d4$fbbd4ce0$4001a8c0@gateway.2wire.net> <4E455B3A.7030005@isi.edu> <01ad01cc5b2b$8cf52860$4001a8c0@gateway.2wire.net>
In-Reply-To: <01ad01cc5b2b$8cf52860$4001a8c0@gateway.2wire.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: sidr@ietf.org
Subject: Re: [sidr] draft-sidr-rpki-rtr
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2011 16:50:56 -0000
Hi, Tom, On 8/15/2011 2:13 AM, t.petch wrote: ... > I was thinking, as I am sure you know, of draft-ietf-tsvwg-iana-ports where my > recollection is that in WGLC, last December, the issue of unifying the two > ranges did get raised and was declared out of scope. For that doc. It will be addressed in the user port recommendations, though it's not clear yet whether it will be resolved or just the issues documented. > Then in IETF LC, in > January, there were comments that the I-D did not give enough guidance to IANA > as to what to do when reviewing a request, the underlying concern being that > ports are a scarce resource and should be conserved. At that time, the concern > was more that protocols should not be allowed a second port for security but > should be designed to negotiate security in-band:-( but I read into that the > concern as also being that system ports are even more scarce and so the rules > should be tighter. The rate of port allocations hasn't changed in over a decade; recent reforms have served well to conserve the space. They've focused on avoiding gratuitous allocations of ranges of ports, not the security issue or the user/system issue. > I also recall a TLS discussion as to whether two ports are better than one for > security, with no clear consensus emerging. Yes. For other related protocol issues, the general consensus is "mux in band", i.e., that ports are scarce and that additional ports should never be allocated solely for performance or software complexity reasons. Security has other issues - e.g., port filtering, for one. However, the primary argument in favor of separate secure/insecure ports appears to be focused solely on performance, AFAICT. FWIW, there are already examples where multiple protocol 'stacks' require separate ports because the muxing can't happen in-band. > So I anticipate some more discussion along these lines at IETF LC and would like > us to have an answer ready. Two system ports would seem to be the most > demanding request to make and so the one needing the most justification. For this service, the key question isn't whether there should be a secure port, but why there would ever be a need for an insecure one -- especially if these are in the system range. > As you say, netconf over ssh went 'system', but netconf over TLS did not, nor > did SNMP over ssh. Whether a service goes into system or user is up to the protocol designer, and whether you all feel that this provides any benefit or not. As to the hurdles once you pick a range, yes - there will be more for system ports than for user ports. One part you're already clean on - this being an IETF proposed standard. The allocations of ports aren't particularly more conservative for system vs user, except (as above) that the argument for purely non-secure ports is even more thin. Joe
- [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Jared Mauch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? John Scudder
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Matthias Waehlisch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Hannes Gredler
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Hannes Gredler
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Stephen Kent
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? John Scudder
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Matthias Waehlisch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? John Scudder
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Hannes Gredler
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Danny McPherson
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Hannes Gredler
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Brian Weis
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Brian Weis
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Hannes Gredler
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Smith, Donald
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Hannes Gredler
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Hannes Gredler
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Brian Weis
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Pradosh Mohapatra
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Pradosh Mohapatra
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Sandra Murphy
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Geoff Huston
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Geoff Huston
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Hannes Gredler
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Matthias Waehlisch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Stephen Kent
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Brian Weis
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? t.petch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? t.petch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? t.petch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Uma Chunduri
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Sandra Murphy
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? John Scudder
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Uma Chunduri
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Uma Chunduri
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Uma Chunduri
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Stephen Farrell
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Paul Hoffman
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Robert Raszuk
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Robert Raszuk
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Hannes Gredler
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Robert Raszuk
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Stephen Farrell
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- [sidr] TLS (Was: Re: WGLC draft-sidr-rpki-rtr - t… Paul Hoffman
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Stephen Farrell
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] TLS (Was: Re: WGLC draft-sidr-rpki-rtr… Paul Hoffman
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Stephen Farrell
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? John Scudder
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] draft-sidr-rpki-rtr t.petch
- Re: [sidr] draft-sidr-rpki-rtr Joe Touch
- Re: [sidr] draft-sidr-rpki-rtr Randy Bush
- Re: [sidr] draft-sidr-rpki-rtr Stewart Bryant
- Re: [sidr] draft-sidr-rpki-rtr t.petch
- Re: [sidr] draft-sidr-rpki-rtr Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? t.petch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? t.petch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? t.petch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Paul Hoffman
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Paul Hoffman
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Christopher Morrow
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? t.petch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Randy Bush
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? t.petch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch
- Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2? Joe Touch