[Mip6-firewall] Next Steps

Gabor.Bajko at nokia.com Gabor.Bajko at nokia.com
Tue Nov 6 13:28:55 EST 2007


So what about a phone conference sometime around November 26-30? And a
f2f either Sunday evening or on Monday.
 
Please propose topics for the conf call. My proposal would be to talk
about solutions which enable MIP usage with the current firewalls.
Hannes and myself wrote two drafts on the topic:
 
http://www.ietf.org/internet-drafts/draft-bajko-mip6-rrtfw-02.txt, which
describes a method to exchange addresses the peers own, and
 
http://www.ietf.org/internet-drafts/draft-tschofenig-mip6-ice-01.txt,
which describes how to check connectivity between address pairs of two
nodes (it is based on
http://ietf.org/internet-drafts/draft-ietf-mmusic-ice-19.txt).
 
It would be nice if you could read these documents and post your
opinions about them.
 
thanks,
-gabor
 

________________________________

From: mip6-firewall-bounces at zeke.ecotroph.net
[mailto:mip6-firewall-bounces at zeke.ecotroph.net] On Behalf Of ext Yaron Sheffer
Sent: Tuesday, November 06, 2007 9:09 AM
To: Suresh Krishnan
Cc: Roberto Baldessari; mip6-firewall at zeke.ecotroph.net
Subject: Re: [Mip6-firewall] Next Steps


I'm probably coming in Sunday evening, unfortunately after the
reception.

    Yaron

Suresh Krishnan wrote: 

	Hi Hannes,
	   I may arrive on Saturday, but I am not sure. I would prefer a phone
	conference after the deadlines and a face2face probably before/after the
	welcome reception.
	
	Thanks
	Suresh
	
	Hannes Tschofenig wrote:
	  

		Hi Qiu
		Hi all,
		
		we should
		* update draft-krishnan-mip6-firewall
		* arrange a phone conference before the IETF meeting
		* arrange a face-to-face meeting at IETF#70.
		
		I wonder whether any of you is already arriving on Saturday before
		the meeting.
		Gabor volunteered to set up a phone conf. call (ideally after the
		submission deadlines).
		
		Ciao
		Hannes
		
		 QIU Ying wrote:
		    

			Hi, Firewall Folks:
			
			Should we update our draft "draft-krishnan-mip6-firewall-01" according to
			the feedback we got at IETF69?
			
			My comments are below:
			
			
			  
			      

				6. Firewall Recommendations for MIPv6
				  I-D: draft-krishnan-mip6-firewall-01    15 min
				  Suresh Krishnan
				--------------------------------------
				* presentation:
				- different scenario: firewall protecting HA, MN, CN, respectively
				- recommends which kind of traffic should not be blocked by firewalls
				- Adopt as WG draft?
				
				* discussion
				- hesham: just to clarify, only some firewalls in enterprise networks
				block ipsec. Not in public networks
				- frank: your solution makes network less safe (let all IPsec traffic
				to HA through).
				   - Suresh: but this is the HA service, you have to let this
				   traffic through
				    
				        

			Frankly, in practice, home agents are very special nodes: 1) only a few
			nodes are charged as home agents within a network. 2) A home agent
			normally functions as a server, or a stationary machine at least, so it is
			strong enough to protect itself (e.g. Jari mentioned access mechanisms) and
			does not have to rely on the protection of a firewall.
			
			A firewall that opens a few channels for some specified robust nodes does not
			mean weakening the strength of network security.
			
			But in order to prevent flood attacks, the firewall can constrain the
			throughput of these channels.
			
			
			  
			      

				- Alex: some operators don't want to allow RO due to security weaknesses
				   - Suresh: that's why we separated rules for RO and for non-RO
				    
				        

			No matter RO or non-RO, the issue of IPsec packets through a firewall
			cannot be avoided due to the home binding update.
			
			
			Any more comments?
			
			Regards
			Qiu Ying
			
			
			----- Original Message -----
			From: "Roberto Baldessari" <Roberto.Baldessari at nw.neclab.eu>
			To: <nemo at ietf.org>; <mext at ietf.org>
			Sent: Tuesday, November 06, 2007 5:18 PM
			Subject: [MEXT] Nemo/Mext meeting at IETF-70?
			
			
			
			Hi all,
			
			According to the IETF draft agenda, no NEMO nor MEXT WG meeting has been
			scheduled yet. Are there plans to have one at IETF-70?
			
			Concerning the activity on automotive requirements for NEMO RO, we are in
			the process of updating the doc according to the feedback we got at IETF-69
			and preparing it to include/unify requirements from both C2C-CC and ISO
			CALM.
			
			Anyway, as (I guess) the contributions from CALM won't be ready in time for
			IETF-70, I don't have anything against waiting until IETF-71 to present a
			more complete document. Also, I hope that by then MEXT WG will be actually
			in place.
			
			Best regards,
			
			Roberto
			
			
			================================================
			Roberto Baldessari
			Research Scientist
			NEC Laboratories, Network Division, NEC Europe Ltd.
			Kurfuerstenanlage 36, D-69115 Heidelberg
			Tel.     +49 (0)6221 4342-167
			Fax:     +49 (0)6221 4342-55
			e-mail:  roberto.baldessari at nw.neclab.eu
			web:     http://www.netlab.nec.de/
			
			NEC Europe Limited | Registered Office:
			NEC House, 1 Victoria Road, London W3 6BL
			Registered in England 2832014
			================================================
			
			_______________________________________________
			MEXT mailing list
			MEXT at ietf.org
			https://www1.ietf.org/mailman/listinfo/mext 
			
			
			_______________________________________________
			Mip6-firewall mailing list
			Mip6-firewall at zeke.ecotroph.net
			https://zeke.ecotroph.net/mailman/listinfo/mip6-firewall
			  
			      

		    

	
	
	  
