IETF Logo Mail Archive

Re: [Softwires] Control and data plane

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Mon, 16 January 2006 17:26 UTC

Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EyY7M-0006ot-7h; Mon, 16 Jan 2006 12:26:08 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EyY7K-0006nW-FN for softwires@megatron.ietf.org; Mon, 16 Jan 2006 12:26:06 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA29774 for <softwires@ietf.org>; Mon, 16 Jan 2006 12:24:42 -0500 (EST)
Received: from mail.consulintel.es ([213.172.48.142] helo=consulintel.es) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EyYFF-0002V2-FS for softwires@ietf.org; Mon, 16 Jan 2006 12:34:20 -0500
Received: from [10.0.0.138] by consulintel.es (MDaemon.PRO.v8.0.1.R) with ESMTP id md50001562835.msg for <softwires@ietf.org>; Mon, 16 Jan 2006 18:27:49 +0100
User-Agent: Microsoft-Entourage/11.2.1.051004
Date: Mon, 16 Jan 2006 18:25:36 +0100
Subject: Re: [Softwires] Control and data plane
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: "softwires@ietf.org" <softwires@ietf.org>
Message-ID: <BFF195A0.151633%jordi.palet@consulintel.es>
Thread-Topic: [Softwires] Control and data plane
Thread-Index: AcYasNeTFhgBw4akEdqNjQANky3PwAADbHHYAADU1dw=
In-Reply-To: <6EEEACD9D7F52940BEE26F5467C02C7302217B00@PACDCEXCMB01.cable.comcast.com>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
X-Authenticated-Sender: jordi.palet@consulintel.es
X-HashCash: 1:20:060116:softwires@ietf.org::b2DKZEcW/yeJz8dC:00000000000000000000000000000000000000000007gtN
X-MDRemoteIP: 10.0.0.138
X-Return-Path: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: softwires@ietf.org
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.consulintel.es
X-Spam-Status: No, score=-4.7 required=4.8 tests=BAYES_00, TO_ADDRESS_EQ_REAL autolearn=no version=3.0.4
X-Spam-Processed: consulintel.es, Mon, 16 Jan 2006 18:27:54 +0100
X-MDAV-Processed: consulintel.es, Mon, 16 Jan 2006 18:27:56 +0100
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cd3fc8e909678b38737fc606dec187f0
Content-Transfer-Encoding: quoted-printable
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: jordi.palet@consulintel.es
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/softwires>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
Sender: softwires-bounces@ietf.org
Errors-To: softwires-bounces@ietf.org

My fear is that we fix in the requirements document something that is too
strict and we realize it only when working in the solution ...

Regards,
Jordi




> De: "Durand, Alain" <Alain_Durand@cable.comcast.com>
> Responder a: <alain_durand@cable.comcast.com>
> Fecha: Mon, 16 Jan 2006 12:01:47 -0500
> Para: <jordi.palet@consulintel.es>, <softwires@ietf.org>
> Conversación: [Softwires] Control and data plane
> Asunto: RE: [Softwires] Control and data plane
> 
> Jordi,
>  
> This discussion is a very good one to have when discussing the solution space.
> Note how this is related to the issue of softwire signaling: inbound or
> out-of-band with the data.
>  
>    - Alain.
> 
> ________________________________
> 
> From: softwires-bounces@ietf.org on behalf of JORDI PALET MARTINEZ
> Sent: Mon 1/16/2006 10:23 AM
> To: softwires@ietf.org
> Subject: Re: [Softwires] Control and data plane
> 
> 
> 
> Hi Alain,
> 
> See below.
> 
> Regards,
> Jordi
> 
> 
> 
> 
>> De: "Durand, Alain" <Alain_Durand@cable.comcast.com>
>> Responder a: <alain_durand@cable.comcast.com>
>> Fecha: Mon, 16 Jan 2006 09:00:34 -0500
>> Para: <jordi.palet@consulintel.es>, <softwires@ietf.org>
>> Conversación: Control and data plane
>> Asunto: RE: [Softwires] Control and data plane
>> 
>>> From: softwires-bounces@ietf.org on behalf of JORDI PALET MARTINEZ
>>> Sent: Mon 1/16/2006 8:31 AM
>>> To: softwires@ietf.org
>>> Subject: [Softwires] Control and data plane
>> 
>>> 
>> 
>>> Hi all,
>>> 
>>> I'm trying to clarify myself about this:
>>> 
>>> 3.11.2.  Privacy, Integrity, and Replay protection
>>> 
>>>   The softwire Control and/or Data plane MUST be able to provide full
>>>   payload security (such as IPsec or SSL) when desired.  This
>>>   additional protection MUST be separable from the tunneling aspect of
>>>   the softwire mechanism itself.  For IPsec, default profiles MUST be
>>>  defined. [draft-ietf-v6ops-ipsec-tunnels] provides guidelines on
>>>   this.
>>> 
>>> I'm starting to think that if I can't understand this text being 100% sure
>>> about what we want to say, then is not clear enough ;-)
>>> 
>>> My question is, when we say contral and/or data plane, we are referring to
>>> the softwire protocol itself including any handshaking etc. ?
>>> 
>>> So the handshaking is the payload and then is data, or data is the tunnel.
>>> 
>>> Because if data is the tunnel (which is what I think), then it is already
>>> covered by the 2nd sentence ...
>> 
>> 
>> The "control' plane is the softwire mechanism. The data plane is made of the
>> tunneled data.
> 
> Agree, that was my understanding.
> 
>> My reading of the second sentence is that there is no a-priori restriction on
>> the way this security is achieved. For example, one can decide to protect the
>> control plane
>> and not the data plane or vice versa, and this should be doable regardless of
>> the tunneling
>> control mechanism softwire will use...
>> 
>> Does this makes things clearer?
>> 
>>> Moreover, are we requiring encryption or just authentication ?
>> 
>> Both and neither.
> 
> So the choices are:
> 1) Apply encryption or authentication or both together to the data plane
> (the tunnel)
> 2) Apply encryption or authentication or both together to the control plane
> (the mechanism)
> 
> I'm sure about 1), but not sure about 2 (at least for the encryption part),
> it will enforce to use, for example, an IPsec tunnel for the softwires
> protocol, that is already tunneling some data, and may be using IPsec
> itself.
> 
> Do we really need all that ? May be we need to consider if there is a severe
> threat if not requiring encryption. Authentication seems easy to support in
> the protocol itself w/o the need to use one more tunnel (an IPsec one).
> 
> 
>> 
>>     - Alain.
>> 
>> 
>> 
> 
> 
> 
> 
> **********************************************
> The IPv6 Portal: http://www.ipv6tf.org
> 
> Barcelona 2005 Global IPv6 Summit
> Slides available at:
> http://www.ipv6-es.com
> 
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the use of the
> individual(s) named above. If you are not the intended recipient be aware that
> any disclosure, copying, distribution or use of the contents of this
> information, including attached files, is prohibited.
> 
> 
> 
> 
> _______________________________________________
> Softwires mailing list
> Softwires@ietf.org
> https://www1.ietf.org/mailman/listinfo/softwires
> 
> 




**********************************************
The IPv6 Portal: http://www.ipv6tf.org

Barcelona 2005 Global IPv6 Summit
Slides available at:
http://www.ipv6-es.com

This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.




_______________________________________________
Softwires mailing list
Softwires@ietf.org
https://www1.ietf.org/mailman/listinfo/softwires

v2.23.0 | Report a Bug | By Email