IETF Logo Mail Archive

Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.txt> (Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry) to BCP

Eric Rescorla <ekr@rtfm.com> Tue, 01 February 2011 16:53 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tsvwg@core3.amsl.com
Delivered-To: tsvwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 997373A6E33; Tue, 1 Feb 2011 08:53:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.71
X-Spam-Level:
X-Spam-Status: No, score=-102.71 tagged_above=-999 required=5 tests=[AWL=0.267, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0R8BYMM-PU4v; Tue, 1 Feb 2011 08:53:24 -0800 (PST)
Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by core3.amsl.com (Postfix) with ESMTP id D352E3A6BFF; Tue, 1 Feb 2011 08:53:23 -0800 (PST)
Received: by gxk27 with SMTP id 27so2961626gxk.31 for <multiple recipients>; Tue, 01 Feb 2011 08:56:41 -0800 (PST)
MIME-Version: 1.0
Received: by 10.90.52.3 with SMTP id z3mr10888640agz.189.1296579400809; Tue, 01 Feb 2011 08:56:40 -0800 (PST)
Received: by 10.90.116.7 with HTTP; Tue, 1 Feb 2011 08:56:40 -0800 (PST)
In-Reply-To: <01NXB18EJ33U007FL5@mauve.mrochek.com>
References: <20110118212603.5733.34489.idtracker@localhost> <B88A8A82-9C4A-40AC-89AF-F177260760F7@cisco.com> <ECA80A72-4E72-44D2-B40E-C90D7197E8C5@nokia.com> <4D421795.70505@isi.edu> <EFADE5D0-BB33-4418-B743-DFEC11B12740@cisco.com> <4D44F85D.5030407@isi.edu> <4D457FD9.5030905@vpnc.org> <B1E38EDF-E78E-47E2-B9A9-D7320A908217@nokia.com> <4D46CC62.1040006@vpnc.org> <3EEDEA1C-C34B-4F39-8E6E-AEDE50C1E504@nokia.com> <4D46D1D3.10701@vpnc.org> <F2152494-8C79-4A0F-951F-B3DB1D274A61@cisco.com> <4D46E623.3080602@ericsson.com> <9E89C43A-EB2A-4DAB-9B12-A740612783E8@cisco.com> <4D47DCF2.1000200@ericsson.com> <01NXB18EJ33U007FL5@mauve.mrochek.com>
Date: Tue, 01 Feb 2011 08:56:40 -0800
Message-ID: <AANLkTinh4p9z3ahZfUGbUD_Muxor2-75wOsFKof07hMJ@mail.gmail.com>
Subject: Re: Last Call: <draft-ietf-tsvwg-iana-ports-09.txt> (Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry) to BCP
From: Eric Rescorla <ekr@rtfm.com>
To: ned+ietf@mauve.mrochek.com
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Tue, 01 Feb 2011 09:57:32 -0800
Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>, "tsvwg@ietf.org" <tsvwg@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, IESG IESG <iesg@ietf.org>, IETF discussion list <ietf@ietf.org>
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tsvwg>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Feb 2011 16:53:26 -0000

On Tue, Feb 1, 2011 at 8:38 AM,  <ned+ietf@mauve.mrochek.com> wrote:
> +1 to everything Magnus says here. THis is exactly how I view the multiple port
> issue.

I'll respond to this separately.


> I will also add that at least part of this fuss seems to be concern about how
> "human oversight is needed but what if the overseer misbehaves" issue. Speaking
> as someone who has been doing IANA reviews for well over a decade, it is
> absolutely the case that a reviwer's actions can screw up a registry. But the
> solution to this problem is not to overconstrain the review process - we've
> tried that approach and found it causes more problems than it solves - but
> rather to have proper checks and balances in the process itself. I believe the
> current specified process - once you understand the details, which
> unfortunately are a bit difficult to track through all the various
> specifications - is sufficient to deal with this.

Others may have that concern but it's not my concern.

My concern is rather that the reviewer get the correct guidance, and
in this case
that guidance appears to be that he ought to be pushing back on protocols which
desire to use one port for the insecure version and one port for the
secure version,
and I'm not really that comfortable with that.

-Ekr


>                                Ned
>
>> Cullen Jennings skrev 2011-01-31 18:44:
>> >
>> > Magnus, I agree with what you are saying here but you are avoiding the issue I am concerned with. Is allocating a second port for the secure version of a document a frivolous use case or not? I read this draft as saying it is. Others read the draft as saying it is not and that type of allocation is fine. This seems fairly easy to deal with - first lets agree if particular 2nd port for secure version is a reason to reject requests or not then see if any text needs to be adjusted in the draft to reflect that.
>
>> Well, frankly I don't know. I think it is something that can be avoided
>> going forward in many use cases, but not all. Simply by thinking of this
>> issue in the design phase. In addition there is clearly other solutions
>> there other considerations, like NAT traversal has said, yes
>> multiplexing is a must, thus live with even higher complexity costs.
>
>> The issue I have a problem with is that is we say on general basis that
>> due to negotiation of security protocols we are allowed to use different
>> ports for negotiation or simply usage of it. Then why is that different
>> from different versions of the protocol, or feature support. What is the
>> difference for a security protocol compared to these other issues?
>
>> What I am worried here is that we will see an increased port consumption
>> rather than a decreased one. At the current run rate I think the
>> estimate is 50 years+ before run out. That is something that I am
>> reasonably comfortable, but if the consumption rate increases four
>> times, then I am suddenly not comfortable. So I am pretty certain that
>> we need to aim at lowering the consumption rather than raising it.
>
>> As I see it there are only one way of doing it.
>
>> - State clearly that you really need to do everything reasonable so that
>> your application is only for one port.
>> - Be reasonably tough from the expert reviewer to ensure that applicants
>> has done this.
>
>> And from that perspective I don't think security is special in anyway.
>> It is only one of several things that could potentially require
>> additional registered ports. Yes security is important, but as
>> previously discussed it doesn't appear that the actual level of security
>> provided is different if you are forced to use one port or two. It might
>> affect the ease of implementation and deployment of security, which is
>> another aspect of impact.
>
>
>> Cheers
>
>> Magnus Westerlund
>
>> ----------------------------------------------------------------------
>> Multimedia Technologies, Ericsson Research EAB/TVM
>> ----------------------------------------------------------------------
>> Ericsson AB                | Phone  +46 10 7148287
>> Färögatan 6                | Mobile +46 73 0949079
>> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
>> ----------------------------------------------------------------------
>> _______________________________________________
>> Ietf mailing list
>> Ietf@ietf.org
>> https://www.ietf.org/mailman/listinfo/ietf
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>

v2.23.0 | Report a Bug | By Email