IETF Logo Mail Archive

Re: [Softwires] I-D Action:draft-ietf-softwire-hs-framework-l2tpv2-05.txt

Bruno STEVANT <bruno.stevant@enst-bretagne.fr> Wed, 25 July 2007 22:04 UTC

Return-path: <softwires-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IDoyA-0003Bu-ND; Wed, 25 Jul 2007 18:04:34 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IDoy8-000332-8s for softwires@ietf.org; Wed, 25 Jul 2007 18:04:32 -0400
Received: from [2001:660:7301:3192:211:43ff:fea3:7e4b] (helo=laposte.rennes.enst-bretagne.fr) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IDoy6-0005lV-DM for softwires@ietf.org; Wed, 25 Jul 2007 18:04:32 -0400
Received: from localhost (localhost.localdomain [127.0.0.1]) by laposte.rennes.enst-bretagne.fr (8.13.7/8.13.7/2006.08.14) with ESMTP id l6PM4JU0008583 for <softwires@ietf.org>; Thu, 26 Jul 2007 00:04:19 +0200
Received: from l2.rennes.enst-bretagne.fr (l2.rennes.enst-bretagne.fr [192.44.77.4]) by laposte.rennes.enst-bretagne.fr (8.13.7/8.13.7/2007.03.20) with ESMTP id l6PM4Ij1008576 for <softwires@ietf.org>; Thu, 26 Jul 2007 00:04:18 +0200
Received: from [192.168.1.100] (gr8k.fasmz.org [82.240.213.5]) (authenticated bits=0) by l2.rennes.enst-bretagne.fr (8.13.1/8.13.1) with ESMTP id l6PM4IiJ012026 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <softwires@ietf.org>; Thu, 26 Jul 2007 00:04:18 +0200
Mime-Version: 1.0 (Apple Message framework v752.3)
In-Reply-To: <4B041CD7E6110773160C80B9@blues.local>
References: <E1I47o2-0006Hs-Em@stiedprstage1.ietf.org> <4B041CD7E6110773160C80B9@blues.local>
Content-Type: text/plain; charset="ISO-8859-1"; delsp="yes"; format="flowed"
Message-Id: <865B9DB9-96CB-414E-9141-8AC242C40357@enst-bretagne.fr>
Content-Transfer-Encoding: quoted-printable
From: Bruno STEVANT <bruno.stevant@enst-bretagne.fr>
Subject: Re: [Softwires] I-D Action:draft-ietf-softwire-hs-framework-l2tpv2-05.txt
Date: Thu, 26 Jul 2007 00:04:13 +0200
To: softwires@ietf.org
X-Mailer: Apple Mail (2.752.3)
X-Virus-Scanned: amavisd-new at enst-bretagne.fr
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 14582b0692e7f70ce7111d04db3781c8
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/softwires>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
Errors-To: softwires-bounces@ietf.org

Minutes of the meeting available soon ?
I am wondering why IPSec and IKEv2 jumped into the scene ...

Florent: one thing about optimizing L2TP transport over IP/IPSec:  
don't fear encapsulaton, RoHC will help us. Or am I wrong ? ;)

Le 25 juil. 07 à 21:11, Florent Parent a écrit :

>
> Here's some initial comment on this draft.
>
> Florent
>
>
> 4.1.  Softwire Transport Related
>
> FP>  Should be title "L2TPv2 Security Related"? Also would probably
> FP> make sense to put 4.2 "L2TPv2" before this section.
>
>   RFC 3193   "Securing L2TP using IPsec" [RFC3193].
>
>   RFC 3948   "UDP Encapsulation of IPsec ESP Packets" [RFC3948].
>
>              *  IPSec supports both IPv4 and IPv6 transports.
>
>
> 5.1.  L2TPv2 Tunnel Setup
>
> ...
>   In the Softwire model, an L2TPv2 packet MUST be carried over UDP.
>   The underlying version of the IP protocol may be IPv4 or IPv6,
>   depending on the Softwires scenario.
>
> FP> In the case where UDP encapsulation of IPsec ESP packets [RFC3948]
> FP> is used to protect L2TPv2, this 'MUST' becomes too strong: NAT
> FP> traversal is achieved by IPSec. One idea proposed a while ago
> FP> Francis D. was to allow optimization by carrying L2TPv2 over IP
> FP> (proto 115), thus removing an extra UDP header.
>
> FP> Proposed change: "In the Softwire model, an L2TPv2 packet not
> FP> protected by IPsec MUST be carried over UDP." ?
>
>
> 5.2.  PPP Connection
>
> 5.2.1.  MTU
>
>   The MTU of the PPP link SHOULD be the link MTU minus the size of the
>   IP, UDP, L2TPv2, and PPP headers together.  On an IPv4 link with an
>   MTU equal to 1500 bytes, this could tipically mean a PPP MTU of 1460
>   bytes.  This may vary according to the size of the L2TP header, as
>   defined by the leading bits of the L2TP message header (see
>   [RFC2661]).  Additionally, see [RFC4623] for a detailed  
> discussion of
>   fragmentation issues.
>
> FP> When IPsec is used, the PPP MTU will need to be smaller to avoid
> FP> fragmentation at the outer IP layer.
>
> FP> "... this could typically mean a PPP MTU of 1460 bytes when IPsec
> FP> is not used." ?
>
>
> 10.  Security Considerations
>
>   A detailed discussion of Softwires security is contained in
>   [I-D.ietf-softwire-security-requirements].
>
>   The L2TPv2 Softwires solution provides the following tools for
>   security:
>
>   o  IPsec [RFC3193] provides the highest level of security.
>
> FP> Since it was decided to use the new IPsec architecture and IKEv2,
> FP> we should reference RFC4301 and 4306. RFC3193 is still relevant
> FP> w.r.t. interaction of L2TPv2 and IPsec.
>
>   o  PPP CHAP [RFC1994] provides basic user authentication.
>
>   o  L2TP Tunnel Authentication [RFC2661] provides authentication at
>      tunnel setup.  It may be used to limit DoS attacks by
>      authenticating the tunnel before L2TP session and PPP resources
>      are allocated.
>
>
>
>
> _______________________________________________
> Softwires mailing list
> Softwires@ietf.org
> https://www1.ietf.org/mailman/listinfo/softwires

-- 
Bruno STEVANT - ENST Bretagne



_______________________________________________
Softwires mailing list
Softwires@ietf.org
https://www1.ietf.org/mailman/listinfo/softwires

v2.23.0 | Report a Bug | By Email