Re: [tcpm] tcp-auth-opt issue: support for NATs

Ted Faber <faber@ISI.EDU> Mon, 11 August 2008 23:47 UTC

Date: Mon, 11 Aug 2008 16:46:26 -0700
From: Ted Faber <faber@ISI.EDU>
To: Dan Wing <dwing@cisco.com>
Message-ID: <20080811234626.GB2194@zod.isi.edu>
References: <48A08295.8090903@juniper.net> <20080811184214.B300B50846@romeo.rtfm.com> <03d901c8fbe9$05673220$23d946ab@cisco.com>
In-Reply-To: <03d901c8fbe9$05673220$23d946ab@cisco.com>
Cc: 'Adam Langley' <agl@imperialviolet.org>, tcpm@ietf.org, 'Joe Touch' <touch@ISI.EDU>
Subject: Re: [tcpm] tcp-auth-opt issue: support for NATs

On Mon, Aug 11, 2008 at 12:32:41PM -0700, Dan Wing wrote:
> > - Key-ids must be globally unique.
> > - You need to know the other side's IP address, even if you're doing
> >   a passive open.
> 
> Adding 32 bits to the key-id would create the same global uniqueness
> that using the source IPv4 addresses accomplishes.

There's a little more to establishing a global namespace than
allocating the bits.  Using the IP address is capitalizing on the IP
address allocation authorities and routing systems to keep those
addresses unique at any given time (and "unique" is somewhat approximate
even with those mechanisms).

One can establish a global namespace here if needed, but there's more to
do than allocate the field space.

-- 
Ted Faber
http://www.isi.edu/~faber           PGP: http://www.isi.edu/~faber/pubkeys.asc
Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm