Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC
james woodyatt <jhw@apple.com> Tue, 28 April 2009 17:37 UTC
Return-Path: <owner-v6ops@ops.ietf.org>
X-Original-To: ietfarch-v6ops-archive@core3.amsl.com
Delivered-To: ietfarch-v6ops-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 257EA28C221 for <ietfarch-v6ops-archive@core3.amsl.com>; Tue, 28 Apr 2009 10:37:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.239
X-Spam-Level:
X-Spam-Status: No, score=-105.239 tagged_above=-999 required=5 tests=[AWL=-0.744, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K3ia8UzXUn6P for <ietfarch-v6ops-archive@core3.amsl.com>; Tue, 28 Apr 2009 10:37:54 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 3101128C214 for <v6ops-archive@lists.ietf.org>; Tue, 28 Apr 2009 10:37:54 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-v6ops@ops.ietf.org>) id 1LyrCZ-000Jo5-4q for v6ops-data0@psg.com; Tue, 28 Apr 2009 17:34:39 +0000
Received: from [17.254.13.23] (helo=mail-out4.apple.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <jhw@apple.com>) id 1LyrCH-000JnM-JD for v6ops@ops.ietf.org; Tue, 28 Apr 2009 17:34:32 +0000
Received: from relay14.apple.com (relay14.apple.com [17.128.113.52]) by mail-out4.apple.com (Postfix) with ESMTP id D616961C488D; Tue, 28 Apr 2009 10:34:20 -0700 (PDT)
Received: from relay14.apple.com (unknown [127.0.0.1]) by relay14.apple.com (Symantec Brightmail Gateway) with ESMTP id 9E8A3280A3; Tue, 28 Apr 2009 10:34:20 -0700 (PDT)
X-AuditID: 11807134-a4bc4bb0000025f5-9c-49f73e1c8122
Received: from il0602f-dhcp171.apple.com (il0602f-dhcp171.apple.com [17.206.50.171]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by relay14.apple.com (Apple SCV relay) with ESMTP id 73ABE28086; Tue, 28 Apr 2009 10:34:20 -0700 (PDT)
Message-Id: <1BE2A566-6D18-4154-886E-E93AC09B4FC8@apple.com>
From: james woodyatt <jhw@apple.com>
To: Joel Jaeggli <joelja@bogus.com>, IPv6 Operations <v6ops@ops.ietf.org>
In-Reply-To: <49F7182C.5000407@bogus.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v930.3)
Subject: Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC
Date: Tue, 28 Apr 2009 10:34:20 -0700
References: <32129337-7BED-4D7A-AF06-BC5ABB37D994@cisco.com> <18034D4D7FE9AE48BF19AB1B0EF2729F27F2C05DC3@NOK-EUMSG-01.mgdnok.nokia.com> <016701c9c506$97ff5ae0$c5f0200a@cisco.com> <18034D4D7FE9AE48BF19AB1B0EF2729F27F2C964DF@NOK-EUMSG-01.mgdnok.nokia.com> <49F7182C.5000407@bogus.com>
X-Mailer: Apple Mail (2.930.3)
X-Brightmail-Tracker: AAAAAA==
Sender: owner-v6ops@ops.ietf.org
Precedence: bulk
List-ID: <v6ops.ops.ietf.org>
On Apr 28, 2009, at 07:52, Joel Jaeggli wrote: > teemu.savolainen@nokia.com wrote: >>> -----Original Message----- >>> From: ext Dan Wing [mailto:dwing@cisco.com] >>> Sent: 24 April, 2009 21:01 >>> >>>> I wonder why the minimum time could not be longer for IPv6? The >>>> longer the time the less need to activate radio for keep-alive >>>> sending (on either side of the firewall btw - consider a case >>>> where CPE has wireless WAN). In CGN case short timeout is >>>> understandable due need to save public ports, > > Having multiple assumed possibilities for timeouts means as an > application developer you can only use the lowest one, at least if > you want your stuff to work. All true. I copied the two-minute timer from RFC 4787 on the general idea that duplicating the filtering behavior of IPv4 NAT is the basic frame of what we're doing. >> Two hours seems a long time to leave your door open. > > True, but my main intent was to ask why the 2 minutes time period > was chosen, and not e.g. 100% longer of four minutes. I agree that a longer DEFAULT timeout for IPv6 state records may be more reasonable given that we don't have a port conservation problem caused by address amplification. I have no problem with four minutes. Longer than that, however, and I would object. Two hours is just completely out of the question for a connectionless transport. So, can the working group give me a more reasonable number to use in the -06 revision I'm composing today? Otherwise, I'll just increase it from two to four minutes, and we'll revisit in -07 if necessary. -- james woodyatt <jhw@apple.com> member of technical staff, communications engineering
- draft-ietf-v6ops-cpe-simple-security-04 WGLC Fred Baker
- RE: draft-ietf-v6ops-cpe-simple-security-04 WGLC Hemant Singh (shemant)
- Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC james woodyatt
- Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC Fred Baker
- Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC Brian E Carpenter
- Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC Fred Baker
- Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC james woodyatt
- Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC Brian E Carpenter
- RE: draft-ietf-v6ops-cpe-simple-security-04 WGLC teemu.savolainen
- RE: draft-ietf-v6ops-cpe-simple-security-04 WGLC Dan Wing
- Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC Fred Baker
- Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC james woodyatt
- RE: draft-ietf-v6ops-cpe-simple-security-04 WGLC Dan Wing
- RE: draft-ietf-v6ops-cpe-simple-security-04 WGLC teemu.savolainen
- Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC Joel Jaeggli
- Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC james woodyatt
- Re: draft-ietf-v6ops-cpe-simple-security-04 WGLC Fred Baker