A reference too wonderful not to share - S4
http://www.bcr.com/bcrmag/2005/07/p62.php While its chief aim seems to be at organizations that the IETF loves to claim it's different from, we should try to not become what we denigrate as we prepare to congregate for our Paris togetherness week. Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)
--On fredag, juli 15, 2005 13:11:09 -0700 Hallam-Baker, Phillip [EMAIL PROTECTED] wrote: From: Jeffrey Hutzelman [mailto:[EMAIL PROTECTED] On Friday, July 15, 2005 11:48:28 AM -0700 Hallam-Baker, Phillip [EMAIL PROTECTED] wrote: Agree, for the most part. Fixed port numbers do have some operational advantages, though... They certainly have operational advantages for managers of firewalls that don't have the ability to perform filtering that is any more specific. And this had led protocol designers to run every new protocol over port 80 using the firewall bypass protocol HTTP. One nice feature of using DNS is that it means that you can perform a lot of control through the signalling channel alone. warning... implementing control by denying information (such as not telling the bad guy which port the secured-by-obscurity process is ACTUALLY running on) is not terribly good security. It is certainly reasonable control over people who want to be controlled (management), but not very good control over people who do not want to be controlled (security). The story that comes to mind is attributed to the Norwegian railroad company, early 1940 (in April 1940, Norway was occupied by Nazi Germany). Head conductor: And in case of war, how would you deny the enemy the use of the railway system? Junior conductor: Burn all the tickets, SIR! Of course, if all protocols (and their implementations) were sufficiently secure themselves, firewalls wouldn't be needed, and the Net would be simpler than it is. But wishing won't make it so ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: A proposed experiment in narrative minutes of IESG meetings
--On torsdag, juli 14, 2005 21:33:05 -0400 Sandy Wills [EMAIL PROTECTED] wrote: Directed towards the IESG: Recording meetings, and publishing those recordings, may be a hassle, but it answers all questions about the integrity of the decision-making process. There may still be questions about knowledge and wisdom, but you put to rest all questions about integrity. Refusing to record (for whatever reason*), after having been asked (for whatever reason) by the people you represent, says something rather different. I'm sorry to be this blunt, but... Nonsense. Anyone who has watched the on-stage, recorded, extremely-public board meetings of ICANN and has also watched the multitude of conspiracy theories about the ICANN board knows that conspiracy theorists will take the existence of a recording as proof that the REAL conspiracy was going on somewhere else, and what was recorded was an orchestrated public charade. Been there, done that, no cigar. Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Need for an open access IPv6 working group at the IETF
Francois, In 1999 you asked my predecessor's predecessor: I wonder if we should not have a new working group within the IETF that would issue informational RFC's on the topics of equal access using Internet Protocol technologies. Well, I'm quite sure the answer is no. That is a business model, policy and governance question, and these are not areas within the IETF's mission. Discussion of specific vendor's products is also outside our scope, except when they directly illustrate technical discussions. It's clear that producing technical standards that are fair and open is in the IETF's mission, and that is where we should focus. If you have technical proposals that tackle this, they are most welcome, in Paris, Vancouver, or on-line. You might, however, be interested by RFC 4084. Regards - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Brian E Carpenter IETF Chair Francois Menard wrote: Folks, With the positive result in Lafayette a few hours ago, and the increased reliance on non-standard Multi-VRF in CMTS for cable modem open access in Canada (which is finally being turned on as we speak), I think it is finally time to get my July 17, 1999 proposal out of the drawer (making it its 6th anniversary today by pure coincidence... proving again that things never change... or at least take forever to change...). What process should I follow to make this happen from a distance if I cannot manage to travel onsite at an IETF meeting? (Vancouver is as far from here as Paris!, but I am tempted to go.) Can anyone comment about whether I should be able to expect getting an MPLS LSP straight out of a Cisco CMTS into my own provider edge router as an ISP rather than rely on this being done internally by the cable carrier to a 7206 acting as the PE, but then running policy routing on the source IP address to select the right interface towards the ISP and then require to run the DHCP server on behalf of the ISP? Does anybody know whether this: http://www.cisco.com/en/US/products/hw/routers/ps259/prod_bulletin09186a00800921d7.html is known to be standardized and interoperable at the MPLS level with other provider hardware? I know some people my think that I should ask these questions to Cisco directly, but really, this is not the case... In Canada the CMTS hardware that cable carriers use might be cisco, but ISPs are free to select the PE hardware of their choice... So there is cause for concern that the cable carriers might be able to get LSPs straight out of the CMTS devices into PEs running at the ISP premises, but are refusing to do so, to restrict the cable modem unbundling framework in a manner which is not going to stand up for 2 seconds in a complaint at the CRTC (and I'm getting quite good at those). Has anybody got a better architecture to propose? Do not say PPPoE please... I want something that is IPv6 friendly. I still have in the back of my mind the idea of #1) using IPv6, #2) partitioning the flow field range and #3) doing admission control on certain ranges in combination with peering on an interdomain basis with QoS using a specific DSCP profile for peering across (not the Internet), but across the PSTN equivalent of a billkeep IMT trunk if you want. My thinking is of getting an LSP from the CMTS serving the cable modem CPE of the third party ISP, straight into the third party ISP. This would allow a fully bridged dedicaed LAN per third party ISP end-customer (one per home, using the DOCSIS session identifier to filter out broadcast traffic from neighbours on the same optical node). The third party ISP would then only need to have an IPv6 router with one leg into each LAN of each of its residential customers so that NDP works as-is. Does anyone make an IPv6 router with say, the capability of 1000 subinterfaces? I'd like to have an off-list discussion on this topic with those who feel their gear is up to the task. Does anyone make a tunnel stack for Windows XP which supports IPv4 tunnel over IPv6? Does anyone make a router which supports an IPv4 tunnel over IPv6? Does anyone make a VoIP ATA which supports IPv6? Does anoyone make an ADSL2+ router + H.264 settop box which supports an IPv4 tunnel over IPv6? Anybody in Asia with the genius to make this happen ? Best regards, -=Francois=- [EMAIL PROTECTED] --- For references, see a copy of my email dating from July 17, 1999: Date: Sat, 17 Jul 1999 14:13:34 -0400 (EDT) From: Francois D. Menard [EMAIL PROTECTED] To: ietf@ietf.org Subject: Equal Access Working Group ... Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Fred, everyone, I wonder if we should not have a new working group within the IETF that would issue informational RFC's on the topics of equal access using Internet Protocol technologies. Here in Canada, there is a trend in the
Re: Meeting Locations
Scott W Brim wrote: On Fri, Jul 15, 2005 05:27:45PM +0200, Brian E Carpenter allegedly wrote: My expectation is that we'll stick to the pattern of two N American meetings plus one in another region - but meeting planning is an art, not a science. I like the deterministic formula based on the number of drafts written. I don't think it can be fully deterministic. We might want to *encourage* engineers in a particular region or country to participate (rather than, for example, indulging in national or regional standardization). Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Port numbers and IPv6
Hallam-Baker, Phillip wrote: I'm saying that one source system can generate more than 64K IMAP4 sessions. These are systems running various sorts of proxies, so they are in effect hosting many clients at once. True, but if we are running IPv6 then surely the solution to this problem would be to simply request some number of additional IP address allocations via DHCP? This is already done in the IPv4 world, it can be done in the IPv6 world. More than that: the fact that the interface ID namespace in IPv6 is large means that virtual IP addresses are available more or less on demand. I think this is something we really haven't started to exploit yet. Brian ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Test version of the Parking Area
Alexey Melnikov wrote: Frank Ellermann wrote: I'm working on other sort orders Neither REF nor IANA in the state column before the date could be very interesting. Or some statistics, but I guess you already have that elsewhere. Actually I disagree. It is quite useful to be able to find out from a single place why a document is still not published. It would also be useful if the RFC-editor reported when a draft would get their attention, and this was included in the list. Stewart Alexey ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: A proposed experiment in narrative minutes of IESG meetings
--On torsdag, juli 14, 2005 21:33:05 -0400 Sandy Wills [EMAIL PROTECTED] wrote: Directed towards the IESG: Recording meetings, and publishing those recordings, may be a hassle, but it answers all questions about the integrity of the decision-making process. There may still be questions about knowledge and wisdom, but you put to rest all questions about integrity. Refusing to record (for whatever reason*), after having been asked (for whatever reason) by the people you represent, says something rather different. I'm sorry to be this blunt, but... Nonsense. Anyone who has watched the on-stage, recorded, extremely-public board meetings of ICANN and has also watched the multitude of conspiracy theories about the ICANN board knows that conspiracy theorists will take the existence of a recording as proof that the REAL conspiracy was going on somewhere else, and what was recorded was an orchestrated public charade. You are, of course, correct. But guess what: This is one where the conspiracy theorists are actually partly right. They know good and well that there are in fact plenty of private conversations and off the record exchanges going on behind the scenes. There have to be. Like it or not, the members any small group charged with making important decisions need to be able to communicate off the record. Having been on the IESG, I can tell you that private communication with other IESG members is very common, if only because bothering the entire IESG with every small issue that comes up would be a huge time waster for the group as whole. So any notion that recording IESG meetings will capture the process in its entirety is simply silly. As for atually recording the meetings, I'm pretty ambivalent about that. For one thing, I think people are seriously underestimating the amount of time and effort that would be needed to make this work. And for another, I don't think it improves transparency nearly as much as people think it will. OTOH, the added insight it would provide to general IETF participants about how the IESG operates would be a very good thing. Perhaps the right thing to do is to record 1-2 meetings a year, as someone else suggested. Been there, done that, no cigar. Anyone with corporate board experience has been there as well. Or school board experience. Or, for that matter, corridor conversations at IETF meetings. There's certainly no shortage of examples. Ned ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Meeting Locations
John, The short answer is Yes - identifying meeting locations and times 18 to 24 months out is a plausible target. Site ID is less a problem than Sponsor commitment, but the answer remains Yes. Ray Is it reasonable for us to hope that, as things settle down over time, we can reasonably expect to get to the meeting times and locations known 18 months to two years out status that has been the target for some years? Or, to put it differently, without any unreasonable expectations about how quickly it is possible to get back onto that basis, is it still the target and do you consider that target plausible? On Fri, 15 Jul 2005 08:10:58 -0400 John C Klensin [EMAIL PROTECTED] wrote: --On Friday, 15 July, 2005 11:59 +0200 Brian E Carpenter [EMAIL PROTECTED] wrote: Clint, Firstly, please note that this is now part of the IETF Administrative Ditrector's responsibility. I've put him on copy. Second, we all agree that locations should be chosen and announced as early possible. Third, there is a very high probability that IETF65 will be at a US location and we have a host in view - but until that is fully settled I don't think we can say in public. I'm sure Ray will tell us as soon as possible. Brian and Ray, Is it reasonable for us to hope that, as things settle down over time, we can reasonably expect to get to the meeting times and locations known 18 months to two years out status that has been the target for some years? Or, to put it differently, without any unreasonable expectations about how quickly it is possible to get back onto that basis, is it still the target and do you consider that target plausible? john ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Port numbers and IPv6 (was: I-D ACTION:draft-klensin-iana-reg-policy-00.txt)
warning... implementing control by denying information (such as not telling the bad guy which port the secured-by-obscurity process is ACTUALLY running on) is not terribly good security. It is certainly reasonable control over people who want to be controlled (management), but not very good control over people who do not want to be controlled (security). The same is true of using port numbers to identify protocols. People have already figured out that the only protocols that can be deployed in practice are the ones that run over port 80 using HTTP, the firewall bypass protocol. Of course, if all protocols (and their implementations) were sufficiently secure themselves, firewalls wouldn't be needed, and the Net would be simpler than it is. But wishing won't make it so Nothing will give you absolute security. But there are solutions that will help the process of security management. Firewalls are a triage device, they block a large proportion of attacks at the front door. This frees up the security managers to focus on the most serious threats. But no, firewalls without management don't provide much security. If every single protocol developed by the IETF were to be deployed tommorow it would not have more than a marginal effect on Internet crime. Nor is this suprising, the types of fraud being performed by professional Internet criminals were not anticipated twenty years ago. The only thing that is suprising is that there are still people who think that the end-to-end security theory is the only acceptable security approach. This despite the continued failure to deploy systems designed on that principle or get them used. Clearly we need a different security approach than hoping that someday everything can be done at the application ends. I think that it is better to look at the way security professionals secure networks in practice and follow their lead rather than continue to promote an unproven academic theory. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Need for an open access IPv6 working group at the IETF
On Mon, 18 Jul 2005, Brian E Carpenter wrote: In 1999 you asked my predecessor's predecessor: I wonder if we should not have a new working group within the IETF that would issue informational RFC's on the topics of equal access using Internet Protocol technologies. Well, I'm quite sure the answer is no. That is a business model, policy and governance question, and these are not areas within the IETF's mission. I am in agreement that open access issues as they relate to business models, policy or governance, are not areas within the IETF mission. However, you have avoided giving consideration to the technical guts of my proposal: re: IPv6 flow field range partitioning, IPv6 prefix propagation and MPLS LSP to v6 flow mapping (as they emerge from DOCSIS SIDs). I am not proposing an open access working group per se, but I would like to know what the IETF-ers think about how best to support multiple simultaneous ISPs in an IETF-standardized sort of way. Do not ask me to have these discussions at Cablelabs... they do not want it. So where else? I've been out of touch for a while, so if anybody can bring me up to speed in a manner that is a bit more enthusiastic, I would appreciate deeply. Discussion of specific vendor's products is also outside our scope, except when they directly illustrate technical discussions. Can one at least tell me whether Multi-VRF is known to be an IETF standard? What is the RFC? It's clear that producing technical standards that are fair and open is in the IETF's mission, and that is where we should focus. If you have technical proposals that tackle this, they are most welcome, in Paris, Vancouver, or on-line. I should propose an ID in the IPv6 working group? You might, however, be interested by RFC 4084. I do not see the relevance of this RFC. Anything else? -=Francois=- 819 692 1383 ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Need for an open access IPv6 working group at the IETF
Since the CMTS is not the originating node it can not modify the flow label field, so do not look there. This sounds exactly like the case that the routing header was created for, but for some reason people consistently refuse to look there ... I agree there needs to be some thought about a standardized way to handle the problem and would like to continue this discussion off list for now. Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francois Menard Sent: Monday, July 18, 2005 10:19 AM To: Brian E Carpenter Cc: ietf@ietf.org Subject: Re: Need for an open access IPv6 working group at the IETF On Mon, 18 Jul 2005, Brian E Carpenter wrote: In 1999 you asked my predecessor's predecessor: I wonder if we should not have a new working group within the IETF that would issue informational RFC's on the topics of equal access using Internet Protocol technologies. Well, I'm quite sure the answer is no. That is a business model, policy and governance question, and these are not areas within the IETF's mission. I am in agreement that open access issues as they relate to business models, policy or governance, are not areas within the IETF mission. However, you have avoided giving consideration to the technical guts of my proposal: re: IPv6 flow field range partitioning, IPv6 prefix propagation and MPLS LSP to v6 flow mapping (as they emerge from DOCSIS SIDs). I am not proposing an open access working group per se, but I would like to know what the IETF-ers think about how best to support multiple simultaneous ISPs in an IETF-standardized sort of way. Do not ask me to have these discussions at Cablelabs... they do not want it. So where else? I've been out of touch for a while, so if anybody can bring me up to speed in a manner that is a bit more enthusiastic, I would appreciate deeply. Discussion of specific vendor's products is also outside our scope, except when they directly illustrate technical discussions. Can one at least tell me whether Multi-VRF is known to be an IETF standard? What is the RFC? It's clear that producing technical standards that are fair and open is in the IETF's mission, and that is where we should focus. If you have technical proposals that tackle this, they are most welcome, in Paris, Vancouver, or on-line. I should propose an ID in the IPv6 working group? You might, however, be interested by RFC 4084. I do not see the relevance of this RFC. Anything else? -=Francois=- 819 692 1383 ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Last Call: 'Handling of Unknown DNS Resource Record (RR) Types' to Draft Standard
The IESG has received a request from the dnsext WG to consider the following document: - 'Handling of Unknown DNS Resource Record (RR) Types ' RFC 3597 as a Draft Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send any comments to the iesg@ietf.org or ietf@ietf.org mailing lists by 2005-08-11. The file can be obtained via http://www.ietf.org/rfc/rfc3597.txt Implementation Report can be accessed at http://www.ietf.org/IESG/implementation.html ___ IETF-Announce mailing list IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce
