Re: [sidr] draft-sidr-rpki-rtr

"t.petch" <ietfc@btconnect.com> Mon, 15 August 2011 10:16 UTC


----- Original Message -----
From: "Joe Touch" <touch@isi.edu>
To: "t.petch" <ietfc@btconnect.com>
Cc: "Christopher Morrow" <morrowc.lists@gmail.com>; <sidr@ietf.org>
Sent: Friday, August 12, 2011 6:56 PM
>
>
> On 8/12/2011 2:48 AM, t.petch wrote:
> > I notice that there is no mention of which range the port number should be
> > from, in section 12.
> >
> > This has been a hot topic with TSVWG, so if guidance can be given - eg we do
> > not care - then that could forestall later debate.
>
> Hi, Tom,
>
> The general issue of the difference in the "system" (privileged) and
> "user" (non-privileged) ports has been a topic on TSVWG, but not
> recently and not in this specific context AFAICT. There is a move afoot
> for many years to deprecate the difference between the ranges, but it
> doesn't appear to be going anywhere quickly.
>
> If you can provide a pointer otherwise, let me know.

Joe,

I was thinking, as I am sure you know, of draft-ietf-tsvwg-iana-ports where my
recollection is that in WGLC, last December, the issue of unifying the two
ranges did get raised and was declared out of scope. Then in IETF LC, in
January, there were comments that the I-D did not give enough guidance to IANA
as to what to do when reviewing a request, the underlying concern being that
ports are a scarce resource and should be conserved.  At that time, the concern
was more that protocols should not be allowed a second port for security but
should be designed to negotiate security in-band:-(  but I read into that the
concern as also being that system ports are even more scarce and so the rules
should be tighter.

I also recall a TLS discussion as to whether two ports are better than one for
security, with no clear consensus emerging.

So I anticipate some more discussion along these lines at IETF LC and would like
us to have an answer ready.  Two system ports would seem to be the most
demanding request to make and so the one needing the most justification.

As you say, netconf over ssh went 'system', but netconf over TLS did not, nor
did SNMP over ssh.

Tom Petch.

>
> There have been very few recent assignments to the system range, notably
> netconf over ssh this past year.
>
> IMO, this does belong in the system range, but it's your decision.
>
> Joe