dates and a store of
pictures and is only accessible to my friends? And could providers make some
business by selling personal servers, or maybe personal virtual servers? Maybe
I am a dreamer, but hey, nothing ever happens if you don't dream of it!
-- Christian Huitema
architecture would allow distribution of data at multiple location, managed by
different commercial companies and covered by different legal authorities.
3) Require security sections of new RFC to include "mass surveillance" in their
threat model and consider mitigations.
-- Christian Huitema
-Original Message-
From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Brian E
Carpenter
Sent: Thursday, September 19, 2013 9:55 PM
To: IETF discussion list
Subject: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]
I got my arm slightly twisted to prod
>> Why bother with RFID tags, or badges? Simply register with your cell phone.
>> We can then scan your Wi-Fi and Blue-Tooth signals when you approach the mic.
>>
>> -- Christian Huitema
>>
>> 'Simply'
>>
>> What is this simple tech
e I was going with that remark, yes. :)
Why bother with RFID tags, or badges? Simply register with your cell phone. We
can then scan your Wi-Fi and Blue-Tooth signals when you approach the mic.
-- Christian Huitema
gments can afford to have someone working full-time
on the IESG. Now, having to work full time is a bit much for a volunteer
position, and we may want to consider ways to remedy that.
-- Christian Huitema
election by the
nom com. It makes sense to assess the filtering effect of each step
independently, and in particular to assess the nomcom by comparing the pool of
WG chairs to the selected nominees.
-- Christian Huitema
in to give clear guidelines than to merely mandate an implementation.
-- Christian Huitema
an example of a way to
achieve this result if the operating system meets certain condition, like
stable interface identifiers."
I would also explain the inherent issues that have to be solved, e.g., swapping
interfaces, or enabling multi-homed hosts. And I would observe that the DAD
problem cannot be solved ina reliable way.
-- Christian Huitema
e doing, and thus you feel compelled to specify an
algorithm in its most minute details, even though there are dozens of equally
good ways to achieve the same result. The net result of such over-specification
is that developers will discard the spec as arrogant, and implement what they
fell like implementing.
-- Christian Huitema
" is typical of
the old boys clubs.
Bias reduction would certainly be much easier if the time commitment required
from volunteers was not so large.
-- Christian Huitema
r
of mail agent if their connectivity happens to use IPv6.
-- Christian Huitema
Melinda is right about the gatekeeping role of the IETF. I have personally
experienced that several times. Negotiating that gatekeeping may well be the
hardest part of getting a work started. And it mostly has to do with one's
capacity to "convince" the relevant AD of the value of the work.
Thi
Memorials are for the living. The dead typically have ceased to care.
I don't know what a simple listing will achieve. The "war monuments" that Ted
mention sort of educate the living by reminding them of the massive sacrifices
that wars cause. Just listing a bunch of names will not help all that
Very useful document, certainly worth publishing. It is one of those documents
that needs frequent updates.
RFC 6052, IPv6 Addressing of IPv4/IPv6 Translators, makes reference to a
predecessor of this document, stating in section 3.1 that "The Well-Known
Prefix MUST NOT be used to represent non
web page.
4) How do we safeguard that information? Is it available to any hacker who
sneaks his way into our database?
5) How long do we keep the information? Why?
6) How do we dispose of the expired information?
These look like the right questions to the IAOC.
-- Christian Huitema
engineering and downsizing process. The
Internet did not develop because the IETF had better processes than the ITU. It
developed because we cared about making the best possible network!
-- Christian Huitema
a deep look there!
-- Christian Huitema
applications, which is why so many of us hate them. But so do
firewalls, and it seems that IPv6 firewalls are encouraged. Oh well.
-- Christian Huitema
yet whether the lawsuit will succeed, but we can point out many avenues of
actions open to the area directors or the IESG. They can of course send the
offending draft standard to the WG. They can refuse publication. They can
change the WG leadership. They can even dissolve the WG. This is the
that cover all hypothetical developments, I
would suggest a practical approach. In our process, disputes are materialized
by an appeal. Specific legal advice on the handling of a specific appeal is
much more practical than abstract rulemaking.
-- Christian Huitema
-Original Message
FC
somewhere, but that is not a mechanism. Ergo, if we were to make that
allocation, it will become unusable for your stated purpose in a very short
time.
I think that's not a very good idea. I would rather not see that allocation
being made
hows many
similarities.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Do we have an official web page listing the timings of the "ASCII text RFC"
discussions? It ought to tell us something about the state of the IETF...
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailma
or other oversights.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
ensure that presentations are readable 50 years
from now, and do not embed some kind of malicious code, we might stick to ASCII
text, right?
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
to avoid mistakes during the transition period from IPv4
to IPv6. I understand that many actors are anxious and waiting for some kind of
fix. This is a common scenario for making substantial mistakes...
-- Christian Huitema
___
Ietf mailing list
Ie
I will be a bit more direct than Keith.
There is no such thing as "no leakage." These addresses will leak, no matter
how well you believe you are isolated. Indeed, the issues posed by similar
leakage were one of the main argument developed in RFC 3879, "Deprecating Site
Local Addresses."
We se
6rd addresses a different problem than 6to4.
6to4 is a global solution, that relies on pretty much every native IPv6
provider deploying 6to4 relays. If these relays were really well deployed and
reliable, 6to4 would allow any router with a native IPv4 address to provide
IPv6 connectivity to its
ainly not part of the
"consensus."
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
It seems that we have wide consensus to publish the advisory document, not so
much for the "6to4 historic" part. Can we just publish the advisory and be done
with this thread?
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf
ndencies on a "generic" path to 2002::/16.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
rollback with 6to4.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
ding registration of some required numbers may delay a competitor's
products. The best protection against shade is sunlight.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
a locker in Paris. It is now defined in relation to
the speed of light, itself set as 299,792,458 meters per second.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
In the old days, you would get a bar BOF by rounding up a few buddies and
paying for the drinks. I suppose that you can still do that, and don't need to
get the secretariat involved!
-- Christian Huitema
-Original Message-
From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.or
The issue would be a whole lot easier to resolve if we had an agreed upon
algorithm for the "non security" usages. CRC64 comes to mind.
-Original Message-
From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Eddy,
Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]
Sent: Wedne
ay, at the
end of which IPv6/IPv4 addresses, or address+port pairs, are redefined as mere
lcators.
Obviously, this only works for new applications, or new application releases.
But if application developers really believe they will benefit from the split,
the
Classic:
IP over everything
(dog optional)
-Original Message-
From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Mark
Nottingham
Sent: Monday, August 16, 2010 8:05 PM
To: Fred Baker
Cc: wgcha...@ietf.org; ietf@ietf.org
Subject: Re: IETF Logo Wear
That's going to be
back of shirt) on light colors only. If we have a dark
> colored shirt, then they only let printing on the front.
Can we make sure that the shirts are ASCII only?
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
it because they really have something to hide will be "conspicuous."
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
overload the registry. As Edward Lewis wrote in another
message, "The job of a registry is to maintain the association of objects with
identities." If the WG wants to specify mandatory-to-implement functions or
algorithms, the proper tool is to write an RFC.
-- Christian Huitema
__
I am trying to prepare a draft using XML2RFC online, and I am getting the error
xml2rfc: error: I can't synthesize a date in 2009 around input line 58
Context (format: "file_basename:line_in_file:#elem_num:"):
CGI5001.1:53:#1:
Any idea why?
-- Ch
sage-
From: ietf-act...@ietf.org [mailto:ietf-act...@ietf.org]
Sent: Thursday, December 24, 2009 1:20 PM
To: Christian Huitema
Subject: Confirm:
ietf-act...@ietf.org:phQqLmSzPbBA:BttiZVJDKqxGAJxkqjzyRLPoJnA_T9FrS9ksVw
Confirmation of list posting -- confirmation ID: phQqLmSzPbBA
The ietf.or
ce and Paris was about the same. Technology drove down the cost of the
transatlantic connection. Deregulation drove down the price of the French
connection. Deregulation also boosted the availability of the Internet in
France.
-- Christian Huitema
___
Ietf m
ntially a hash of a self-signed certificate.
That works, for some definition of working: if you know what number to
retrieve, you will get an authoritative answer. But that means using large
numbers instead of short friendly names, and thus is not very "user-friendly".
-- Christian Hu
memorize the relevant public keys. If a host has a relation with a domain, it
can memorize that domain's public key. This kind of "peer-to-peer" improvement
makes the domain-to-domain or host-to-domain DNSSEC service immune to attacks
by nodes higher in the hierarchy.
-- Christ
signature. Hop-by-hop security will securely connect to the wrong name
server, to which the wrong NS record points...
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
tocols do not handle that configuration very well. I would expect MIF to
address the problem and suggest fixes...
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
lication just needs to bind the
socket to a specific IP address. Doing that ensures that packets sourced by the
application will use the specified address, will go out through the interface
corresponding to that address, and will use the default gateway associated with
that i
needed. Most of the tests
can be performed using the CHANGE-ADDRESS attribute, which does not have the
same potential for abuse. Besides, if you really want to send packets from
outside the local network towards arbitrary destinations, you can use TURN.
-- Christian Huitema
___
llocation of identifiers in
these hierarchies. If you don't want to use a hierarchy, you can also use GUID,
essentially a 128 bit random number. Open extensibility with OID, URL or GUID
is, in my opinion, a better design than relying on registries for number
allocations.
-- Christian Huitem
reordering the records in the DNS response...
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
This discussion of IPR seems to be running in circle. Can't we switch to
something else, e.g. whether RFC could be written in some other format than
ASCII text?
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/ma
name space, and if the network
entity namespace use different network entity names to designate the various
"network contracts", then, yes, we probably agree. Although I am not sure that
we should place too much emphasis on the name of physical entities like
"Christian'
plementation in the network layer. Even if we did reengineer the network
layer to implement a clean separation between identifiers and locators, the
business reality will still be there. We will end up with separate identifiers
for the different "provider contracts", and applications, or
ese RFC were written when you were working for ACC. This is a fairly
common situation among us. I have written RFC as an employee of INRIA,
Bellcore/Telcordia, and Microsoft. Just curious, did you check with whoever
bought ACC's intellectual property rights?
--
orry about later in the appendix of the previous rules, RFC 1310 published
in 1992.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
itigation of
specific issues...
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
; exactly like, say, NAT 64, then why would the organization bother to
> > use IPv6 rather than sticking with net 10?
>
> Services like Microsoft DirectAccess?
Direct Access certainly does not require that enterprises deploy NAT66...
-- Christian Huitema
__
y
need a new duplicate address detection algorithm to avoid conflicts, not to
mention recognize cases of a single host using the same host ID on multiple
subnets.
Of course, Iljitsch points an interesting issue. If NAT66 behaves exactly like,
say, NAT 64, then why would the organization bother
setting body, hiding identities is not necessarily something we want to
encourage. What are the implications for our standard process? What about
copyrights and patents?
-- Christian Huitema
___
IETF mailing list
IETF@ietf.org
https://www.ietf.org
."
Why should such a statement be confidential?
-- Christian Huitema
___
IETF mailing list
IETF@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
role by implementing a form of rate limiting.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hallam-Baker,
Phillip
Sent: Friday, February 15, 2008 10:10 AM
To: Christian Huitema; Spencer Dawkins; Iljitsch van Beijnum; [EMAIL PROTECTED]
Cc: ietf@ietf.org
Subject: RE: IPv6 NAT?
Ok yo
firewalls tried to do that, they would
have to incorporate a large amount of document parsing code, and would most
probably become a target for their own parsing bugs. Of course, no amount of
electronics will protect against users intent on downloading a very special
d for that they look at TCP and UDP
port numbers. In practice, I expect that IPv6 applications will have to be
designed to work over UDP & use an IPv6 variation of STUN to "open the
firewall". So, even with IPv6, Jonathan's statement is likely to stand.
-- Christian Huitema
onomic or business judgments from the IESG. After
all, one should assume that the participants who are expressing interest did
their homework, business plans and the like.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ie
ously conservative, and it takes warnings like that to
get them to move.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
tempt to go on with their normal work, both
for internal applications such as corporate mail, file servers, or intranet
servers, and for external applications, mostly web based. It worked, but it had
to rely on a set of transport proxies for those internal applications that were
not yet IPv6 ready
tByName function establishes a connection to a specified host and
>port. This function is provided to allow a quick connection to a network
>endpoint given a host name and port. This function supports both IPv4 and IPv6
>addresses."
-- Christian Huitema
__
otocol.
Please add:
(3) The chosen solution is immune to dictionary attacks.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
asier to use end to
end security. And in your own house, you might consider forms of social
control, as in "OK, you hacked my computer, give me the keys of your
car..."
Frankly, I don't see users managing subnets any time soon.
-- Christian Huitema
___
s not
sufficient in most cases, and it also unduly increase the registration
load in the registries.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
t of clarity: Teredo works fine through most home
routers/gateways today. The manufacturers of these routers don't need to
do anything in particular to "enable Teredo". Only a minority of these
routers do need to be fixed, i.e. those implementing variations of
"symmet
he IETF evolved from an informal gathering where engineers
will agree on how to do things, to a reactive body that mostly aims at
controlling evolution of the Internet. Is that really what we want?
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
1:1]
592 ms92 ms90 ms unassigned.in6.twdx.net
[2001:4830:e6:d::2]
6 *** Request timed out.
791 ms89 ms88 ms www.ietf.ORG
[2610:a0:c779:b::d1ad:35b4]
Trace complete.
-- Christian Huit
port economics.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
hen the dictionary attack can be
accelerated with a pre-computed catalog. However, current dictionary
attacks do not need to rely on pre-computation, since a modern PC can
compute more than a million MD5 hashes per second. So, yes, DIGEST-MD5
has essentially the s
> -Original Message-
> From: Frank Ellermann [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 07, 2006 7:49 PM
> To: ietf@ietf.org
> Subject: Re: RFC 2195 (Was: what happened to newtrk?)
>
> Christian Huitema wrote:
>
> > both Steve Bellovin and I
h techniques. Basic challenge response mechanisms
like CRAM-MD5 are simply too weak to be used on the Internet. They are
subject to dictionary attacks, which can retrieve the password in a very
short time. They don't deserve much more than documentation fo
and an even more
complex definition of extension capabilities. In short, ASN.1 is vastly
more complex that the average TLV encoding. The higher rate of errors is
thus not entirely surprising.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
that we cannot change it? Number portability,
after all, only requires a layer of indirection. We can certainly
engineer that!
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
or O(M.log(M)). In short, the routing load
grows much faster than linearly with the number of core routers.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
same port. What does help there is an
easily accessible registration system, so application developers can
easily "do the right thing", i.e. reserve a port and avoid collisions.
Note the emphasis on "easily accessible": if there are too many hoops to
jump through, the developer
have no problem with the current system.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
tocols that have a high quality so they run very well on the
Internet. If the IETF focuses a lot on quality and makes it too hard to
do #4, experimenters will end up doing #2 or #3, and there will be less
review and less open documentation.
So, there has to be a balance.
-- Christian Huitema
__
ogram is bound to change over time, e.g. when templates change. You
want to archive the final result, not the initial input.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
many revisions. An XML format is going
to be much less stable than the current status!
As a preparation tool, XML2RFC is probably OK. But it cannot be as
stable and future proof as ASCII text as a "final product" format.
-- Christian Huitema
_
and again they would not be breaking any regulation.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
In practice, they
are not. Some names can be resolved through some interfaces, and not
through others. To be sure, systems end up sending the requests on
multiple interfaces.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
nto whoever is promoting use of this top level domain and coding
that use in applications.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
ot;foo.example.net" retains the same name as it move to
different locations. There were ample debates of this point in the
working group, and the decisions to "not creating special names" and
"not linking names to topology" do reflect WG consensus.
-- Christian Huitema
.example) should be "wired" in every host. But it is simpler to
program this knowledge in the local name servers, thus avoiding undue
traffic to the root servers without risking interop issues and name
conficts in local naming plans.
-- Christian Huitema
such training. I mean, do you
really want to design insecure protocols?
For those interested in self training, I recommend the book "Writing
Secure Code, Second Edition" by Michael Howard and David LeBlanc
(http://www.microsoft.com/mspress/books/5957.asp).
-- Christian Huitema
_
n IPv6.
There really only are 5 bits available for numbering both the hop by hop
and the end to end options. That makes for a grand total of 32, of which
three are assigned by basic IPv6 specs. So, there really are good
reasons to be somewhat conservative with the assig
we used the ministry of research hierarchy to intensely lobby the
immigration services. He was eventually granted a visitor's visa.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
dictionary attack. In CRAM-MD5, the challenge is chosen by the server,
and the result computed by the client. An ill-intentioned server can
thus choose a challenge, and pre-compute a database of expected results.
A better algorithm should allow the client to inject some salt in the
process.
-- Ch
IETF protocols should not endorse the use of unprotected
challenge-response mechanism. They certainly should not lure clients to
accept challenges from unauthenticated servers.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
proposes solutions
to all problems, or that the IETF solution is expected to be adopted
regardless of process issues. The philosophy is simple: the IETF
proposes, and if the IETF solution has merit it will be adopted. There
are plenty of examples of IETF standards that did not get significant
adoption,
ways being sometimes perceived as more efficient
than complete fragmentation. On the other hand, there is no excuse for
delays created by bureaucratic processes and arbitrary pocket vetoes.
-- Christian Huitema
___
Ietf mailing list
Ietf@ietf.org
https://
1 - 100 of 208 matches
Mail list logo
