Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-05-31 Thread Tommy Pauly
Hello, I've posted a new version of the draft that incorporates the changes discussed in this thread. Please review! https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-tcp-encaps-10 Thanks, Tommy > On May 12, 2017

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-05-12 Thread Tommy Pauly
> On May 8, 2017, at 5:49 AM, Mirja Kuehlewind (IETF) > wrote: > > Do the proposed text changes from Tommy still refer to 443 anywhere (lost > track a bit but I guess the appendix still does right)? > > Again I think we should talk about using 443 if that’s what’s done in > reality. Howev

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-05-08 Thread Mirja Kuehlewind (IETF)
Do the proposed text changes from Tommy still refer to 443 anywhere (lost track a bit but I guess the appendix still does right)? Again I think we should talk about using 443 if that’s what’s done in reality. However my understanding is that real-life implementations use TCP/TLS which I think

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-05-05 Thread Eric Rescorla
It seems like most of the issues are resolved here, except for that of muxing IKE and non-IKE protocols on the same port (especially 443). My understanding is that (although we may not like it) it's nevertheless a common practice, and yet we can't levy the requirement that no other protocol start w

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-05-03 Thread Spencer Dawkins at IETF
On May 3, 2017 05:54, "Mirja Kühlewind" wrote: I didn't propose to obsolete RFC3947 in this document. I guess you can also file an error for this if you don't want to take any further actions. However, for updating the IANA registry, I would say the right action is to do this simply by IESG appro

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-05-03 Thread Mirja Kühlewind
I didn't propose to obsolete RFC3947 in this document. I guess you can also file an error for this if you don't want to take any further actions. However, for updating the IANA registry, I would say the right action is to do this simply by IESG approval for UDP then. Mirja On 03.05.2017 11:1

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-05-03 Thread Tero Kivinen
Mirja Kuehlewind (IETF) writes: > my thinking was that the main problem is that 3947 was not obsoleted > and I’m assuming we need a document to fix that. This is partly an issue, but it is not an issue we need to solve here, as this document is not something that should obsolete 3947. Also 3947 only de

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-05-02 Thread Mirja Kuehlewind (IETF)
Hi Tero, my thinking was that the main problem is that 3947 was not obsoleted and I’m assuming we need a document to fix that. In this case that document could/should also fix the IANA entry for the UDP port. However, I’m actually not sure what the right processing would be to fix this forgotte

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-05-02 Thread Tero Kivinen
Mirja Kuehlewind (IETF) writes: > so first updating is a request to IANA, so you have to remove the > first sentence. Agreed, forgot to remove that. > Then the update of the UDP port should probably be done in a > separate document that potentially also obsoletes 3947 if that was > missed with 7

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-05-02 Thread Mirja Kuehlewind (IETF)
Hi all, so first updating is a request to IANA, so you have to remove the first sentence. Then the update of the UDP port should probably be done in a separate document that potentially also obsoletes 3947 if that was missed with 7296. Mirja > Am 02.05.2017 um 11:17 schrieb Tero Kivinen : >

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-05-02 Thread Tero Kivinen
Tommy Pauly writes: > I'll defer to Tero on this one. Tero, what do you prefer to do with the IANA > Considerations text? [Note, that I am just talking as an individual here, these IANA actions do not relate to the IKEv2 registries where I am IANA Expert] I proposed to change both the UDP and TCP refer

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-04-28 Thread Tommy Pauly
I'll defer to Tero on this one. Tero, what do you prefer to do with the IANA Considerations text? Thanks, Tommy > On Apr 28, 2017, at 4:41 PM, Spencer Dawkins at IETF > wrote: > > This is still Mirja's Discuss (which I supported), so I'll let her respond to > most of Tommy's proposed text ch

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-04-28 Thread Spencer Dawkins at IETF
This is still Mirja's Discuss (which I supported), so I'll let her respond to most of Tommy's proposed text changes, but on the last one ... On Fri, Apr 28, 2017 at 12:05 PM, Tommy Pauly wrote: > > 14. IANA Considerations > >This memo includes no request to IANA. > > * TCP port 4500 is al

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-04-28 Thread Tommy Pauly
Hello all, Here's some proposed text for: - Clarifying the configuration model around ports - Clarifying the role of the stream prefix - Expanding the TCP performance considerations. Changes are in bold. Thanks, Tommy --- 2. Configuration One of the main reasons to use TCP encapsula

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-04-28 Thread Mirja Kühlewind
Hi Tero, a few quick replies but we also discussed this yesterday at the telechat and agreed on a way forward. On 27.04.2017 16:12, Tero Kivinen wrote: Mirja Kühlewind writes: I agree that this kind of port squatting is regrettable, but I also don't think it really helps to not publish RFCs

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-04-27 Thread Tero Kivinen
Mirja Kühlewind writes: > > I agree that this kind of port squatting is regrettable, but I also don't > > think it really > > helps to not publish RFCs that document widely used protocols because we > > are sad they port-squatted. > > > > I proposed a way to deal with this in an earlier e-mail. Wou

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-04-27 Thread Spencer Dawkins at IETF
Tero, Top-posting, because I'm only saying "thank you, that's very helpful". Spencer On Thu, Apr 27, 2017 at 8:50 AM, Tero Kivinen wrote: > Spencer Dawkins at IETF writes: > > The reason optional ports in URIs work, is that someone handed you a URI > with > > that port number who has some reas

Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

2017-04-27 Thread Tero Kivinen
Spencer Dawkins at IETF writes: > The reason optional ports in URIs work, is that someone handed you a URI with > that port number who has some reason to believe that the port number is OK to > use with the host included in the URI. > > Is that a reasonable assumption about the way IPsec and IKE o