RE: draft-ietf-v6ops-cpe-simple-security-04 WGLC

"Dan Wing" <dwing@cisco.com> Fri, 24 April 2009 18:04 UTC

From: Dan Wing <dwing@cisco.com>
To: teemu.savolainen@nokia.com, fred@cisco.com, v6ops@ops.ietf.org
Cc: kurtis@kurtis.pp.se, rbonica@juniper.net, Basavaraj.Patil@nokia.com, jouni.korhonen@nsn.com
References: <32129337-7BED-4D7A-AF06-BC5ABB37D994@cisco.com> <18034D4D7FE9AE48BF19AB1B0EF2729F27F2C05DC3@NOK-EUMSG-01.mgdnok.nokia.com>
Subject: RE: draft-ietf-v6ops-cpe-simple-security-04 WGLC
Date: Fri, 24 Apr 2009 11:00:46 -0700
Message-ID: <016701c9c506$97ff5ae0$c5f0200a@cisco.com>
In-reply-to: <18034D4D7FE9AE48BF19AB1B0EF2729F27F2C05DC3@NOK-EUMSG-01.mgdnok.nokia.com>


> -----Original Message-----
> From: owner-v6ops@ops.ietf.org 
> [mailto:owner-v6ops@ops.ietf.org] On Behalf Of 
> teemu.savolainen@nokia.com
> Sent: Friday, April 24, 2009 4:46 AM
> To: fred@cisco.com; v6ops@ops.ietf.org
> Cc: kurtis@kurtis.pp.se; rbonica@juniper.net; 
> Basavaraj.Patil@nokia.com; jouni.korhonen@nsn.com
> Subject: RE: draft-ietf-v6ops-cpe-simple-security-04 WGLC
> 
> Hi,
> 
> I believe this document is of operational utility. 
> 
> A few comments/questions:
> - 3.2.2. describes, as per RFC4787, that UDP mappings MUST 
> NOT expire in less than two minutes. As I don't know the 
> backgrounds of this decision,

It is probably from REQ-5 of 
http://tools.ietf.org/html/rfc4787#section-4.3.

> I wonder why the minimum time 
> could not be longer for IPv6? The longer the time the less 
> need to activate radio for keep-alive sending (on either side 
> of the firewall btw - consider a case where CPE has wireless 
> WAN). In the CGN case a short timeout is understandable due to the need to 
> save public ports, but that probably is not an issue in 
> simple IPv6 firewall. So why e.g. not two hours as for TCP?

Two hours seems a long time to leave your door open.  

A longer timeout could be negotiated between the host and its CPE router
using whatever protocol exists and becomes a de facto standard on IPv6 networks
(e.g., draft-woodyatt-ald, UPnP IGD version 2).

-d

> - 3.2.5. Just to check that DSMIP6 is considered as one of 
> these other tunneling protocols mentioned in R22? How about 
> MIP6 route optimization, will that work through a device 
> implementing this specification?
> - 3.4 says it remains to be seen if UPnP:IGD is to be 
> extended for IPv6. I would rather say that IPv6 is being 
> added to UPnP:IGD2. See: 
> http://www.upnp.org/resources/documents/UPnPIGD2vsIGD1d10032009.pdf
> "UPnP Gateway committee: IGD:2 improvements over IGD:1"
> 
> Best regards,
> 
> 	Teemu
> 
> 
> >-----Original Message-----
> >From: owner-v6ops@ops.ietf.org 
> >[mailto:owner-v6ops@ops.ietf.org] On Behalf Of ext Fred Baker
> >Sent: 15 April, 2009 18:27
> >To: IPv6 Operations
> >Cc: kurtis@kurtis.pp.se; rbonica@juniper.net
> >Subject: draft-ietf-v6ops-cpe-simple-security-04 WGLC
> >
> >This is to initiate a two week working group last call of 
> >draft-ietf-v6ops-cpe-simple-security-04. Please read it now. 
> >If you find nits (spelling errors, minor suggested wording 
> >changes, etc), comment to the authors; if you find greater 
> >issues, such as disagreeing with a statement or finding 
> >additional issues that need to be addressed, please post your 
> >comments to the list.
> >
> >We are looking specifically for comments on the importance of 
> >the document as well as its content. If you have read the 
> >document and believe it to be of operational utility, that is 
> >also an important comment to make.
> >
> >
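The timeout trade-off argued above (a 120 s UDP floor versus the two-hour TCP idle time, and a host negotiating something longer with its CPE) can be made concrete with a small model of the state table a simple-security CPE keeps. The following is an added example, not code from the draft or from anyone in this thread: a toy outbound-only stateful filter in which outbound packets create state, inbound packets are admitted only against existing state, and idle state expires per protocol. The constants follow the values quoted in the thread (RFC 4787 REQ-5's 120 s floor for UDP, "two hours" for TCP); the `max_negotiated_idle` cap, the `requested_idle` parameter and the sample addresses are assumptions of this example, standing in for whatever host-to-CPE protocol would carry such a request.

```python
import math
from dataclasses import dataclass, field

# Values taken from the thread: RFC 4787 REQ-5 floor for UDP mappings, and the
# "two hours as for TCP" figure. Units are seconds.
UDP_MIN_IDLE = 120
TCP_DEFAULT_IDLE = 7200


@dataclass(frozen=True)
class FlowKey:
    proto: str
    inside: tuple   # (IPv6 address, port) of the internal host
    outside: tuple  # (IPv6 address, port) of the external peer


@dataclass
class StatefulFilter:
    """Toy outbound-only stateful filter (example model, not the draft's text).

    Outbound traffic creates a flow entry; inbound traffic is admitted only if
    it matches an entry that has not been idle for longer than its timeout.
    """
    udp_idle: int = UDP_MIN_IDLE
    tcp_idle: int = TCP_DEFAULT_IDLE
    # Assumed cap on how long a host may ask to hold a pinhole open: this is
    # where "leaving the door open" is bounded, whatever negotiation protocol is used.
    max_negotiated_idle: int = TCP_DEFAULT_IDLE
    table: dict = field(default_factory=dict)  # FlowKey -> [last_seen, idle]

    def __post_init__(self):
        if self.udp_idle < UDP_MIN_IDLE:
            raise ValueError("UDP idle timeout below the 120 s floor (RFC 4787 REQ-5)")

    def _default_idle(self, proto):
        return self.udp_idle if proto == "udp" else self.tcp_idle

    def expire(self, now):
        """Drop every entry idle for at least its timeout; return how many were dropped."""
        dead = [k for k, (last, idle) in self.table.items() if now - last >= idle]
        for k in dead:
            del self.table[k]
        return len(dead)

    def outbound(self, now, proto, src, dst, requested_idle=None):
        """Internal host src sends to external dst: create/refresh state.

        requested_idle models a host-negotiated timeout; it is never allowed
        below the protocol default nor above max_negotiated_idle.
        """
        self.expire(now)
        idle = self._default_idle(proto)
        if requested_idle is not None:
            idle = min(max(requested_idle, idle), self.max_negotiated_idle)
        self.table[FlowKey(proto, src, dst)] = [now, idle]
        return idle

    def inbound(self, now, proto, src, dst):
        """External src sends to internal dst: admitted only against live state."""
        self.expire(now)
        entry = self.table.get(FlowKey(proto, dst, src))
        if entry is None:
            return False
        entry[0] = now  # matching traffic refreshes the idle timer
        return True


def keepalives_per_day(idle_timeout, margin=10):
    """Keep-alives a host must send in 24 h to hold a pinhole open when it
    sends one every (idle_timeout - margin) seconds."""
    return math.ceil(86400 / (idle_timeout - margin))


def demo():
    """Walk through the scenarios from the thread with constructed addresses."""
    fw = StatefulFilter()
    host = ("2001:db8::10", 40000)          # constructed internal host
    peer = ("2001:db8:ffff::1", 53000)      # constructed external peer
    fw.outbound(0, "udp", host, peer)
    fw.outbound(0, "tcp", (host[0], 50000), (peer[0], 443))
    unsolicited = fw.inbound(5, "udp", ("2001:db8:ffff::2", 1), host)   # never admitted
    udp_fresh = fw.inbound(60, "udp", peer, host)                        # 60 s idle: admitted
    udp_stale = fw.inbound(200, "udp", peer, host)                       # 140 s idle: expired
    tcp_alive = fw.inbound(3600, "tcp", (peer[0], 443), (host[0], 50000))  # 1 h idle: admitted
    return udp_fresh, udp_stale, tcp_alive, unsolicited


if __name__ == "__main__":
    print(demo())
    print(keepalives_per_day(UDP_MIN_IDLE), keepalives_per_day(TCP_DEFAULT_IDLE))
```

The `keepalives_per_day` figures quantify Teemu's radio concern (hundreds of wake-ups a day at the 120 s floor versus about a dozen at two hours), while `requested_idle` plus the cap shows Dan's alternative: the CPE keeps its conservative default and only widens the window for flows a host explicitly asks about, up to a bound the operator controls.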