[Mip6-firewall] Next Steps
Gabor.Bajko at nokia.com
Gabor.Bajko at nokia.com
Fri Nov 23 01:57:50 EST 2007
Noone replied saying 'no', so I assume Wed Nov 28th would be a good time for a conf call.
So far I saw intention to participate from Suresh, Yaron, Hannes and myself. Qiu Ying and Hesham, if you intend to participate, please let us know, we should pick a time which is reasonable for all participants. If you do not wish to participate, I propose 9am PST for the conf call.
- gabor
-----Original Message-----
From: mip6-firewall-bounces at zeke.ecotroph.net [mailto:mip6-firewall-bounces at zeke.ecotroph.net]
Sent: Wednesday, November 14, 2007 8:56 AM
To: suresh.krishnan at ericsson.com
Cc: mip6-firewall at zeke.ecotroph.net
Subject: Re: [Mip6-firewall] Next Steps
Ok, let's pick 28th.
Would 28th work for everone then?
- gabor
-----Original Message-----
From: ext Suresh Krishnan [mailto:suresh.krishnan at ericsson.com]
Sent: Wednesday, November 14, 2007 8:41 AM
To: Bajko Gabor (Nokia-SIR/MtView)
Cc: mip6-firewall at zeke.ecotroph.net
Subject: Re: [Mip6-firewall] Next Steps
Hi Gabor,
26th and 27th don't work for me. All the other 3 days (28,29,30) are fine for me.
Thanks
Suresh
Gabor.Bajko at nokia.com wrote:
> As a follow up, I am suggesting Tuesday, November 27 for the conf call.
>
> There seems to be more and more options we need to discuss as the next
> step. There is a new draft from Suresh/Hesham and two other drafts
> from Hannes/Gabor.
> Any disagreement with the currently available two drafts may be
> discussed if we are not able to sort them out via email.
> Anything else?
>
> There is no timeslot which would work for everyone. Possible times:
> 11am PST (6am Sydney, 8pm Munich, 9pm Jerusalem, 3am Singapore); 1pm
> PST (8am Sydney, 10pm Munich, 11pm Jerusalem, 5am Singapore); 5am PST
> (midnight Sydney, 2pm Munich, 3pm Jerusalem, 9pm Singapore). Any better suggestion?
>
> If any of you is not planning to participate, let us know, that may
> help choosing a better time.
>
> feedback, please.
> - gabor
>
> ----------------------------------------------------------------------
> --
> *From:* ext Niklas Steinleitner
> [mailto:steinleitner at cs.uni-goettingen.de]
> *Sent:* Wednesday, November 07, 2007 4:53 AM
> *To:* Bajko Gabor (Nokia-SIR/MtView)
> *Cc:* yaronf at checkpoint.com; suresh.krishnan at ericsson.com;
> Roberto.Baldessari at nw.neclab.eu; mip6-firewall at zeke.ecotroph.net
> *Subject:* Re: [Mip6-firewall] Next Steps
>
> I will arrive on Saturday evening. November 26-30 is fine with me.
>
> Niklas
>
> Gabor.Bajko at nokia.com schrieb:
>> So what about a phone conference sometime around November 26-30? And
>> a f2f either Sunday evening or on Monday.
>>
>> Please propose topics for the conf call. My proposal would be to talk
>> about solutions which enable MIP usage with the current firewalls.
>> Hannes and myself wrote two drafts on the topic:
>>
>> http://www.ietf.org/internet-drafts/draft-bajko-mip6-rrtfw-02.txt,
>> which describes a method to exchange addresses the peers own, and
>>
>> http://www.ietf.org/internet-drafts/draft-tschofenig-mip6-ice-01.txt,
>> which describes how to check connectivity between address pairs of
>> two nodes (it is based on
>> http://ietf.org/internet-drafts/draft-ietf-mmusic-ice-19.txt).
>>
>> It would be nice if you could read these documents and post your
>> opinions about them.
>>
>> thanks,
>> -gabor
>>
>>
>> ---------------------------------------------------------------------
>> ---
>> *From:* mip6-firewall-bounces at zeke.ecotroph.net
>> [mailto:mip6-firewall-bounces at zeke.ecotroph.net] *On Behalf Of *ext
>> Yaron Sheffer
>> *Sent:* Tuesday, November 06, 2007 9:09 AM
>> *To:* Suresh Krishnan
>> *Cc:* Roberto Baldessari; mip6-firewall at zeke.ecotroph.net
>> *Subject:* Re: [Mip6-firewall] Next Steps
>>
>> I'm probably coming in Sunday evening, unfortunately after the reception.
>>
>> Yaron
>>
>> Suresh Krishnan wrote:
>>> Hi Hannes,
>>> I may arrive on Saturday, but I am not sure. I would prefer a
>>> phone conference after the deadlines and a face2face probably
>>> before/after the welcome reception.
>>>
>>> Thanks
>>> Suresh
>>>
>>> Hannes Tschofenig wrote:
>>>
>>>> Hi Qiu
>>>> Hi all,
>>>>
>>>> we should
>>>> * update draft-krishnan-mip6-firewall
>>>> * arrange a phone conference before the IETF meeting
>>>> * arrange a face-to-face meeting at IETF#70.
>>>>
>>>> I wonder whether someone of you is already arriving on Saturday
>>>> before the meeting.
>>>> Gabor volunteered to setup a phone conf. call (ideally after the
>>>> submission deadlines).
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>> QIU Ying wrote:
>>>>
>>>>> Hi, Firewall Folks:
>>>>>
>>>>> Should we update our draft "draft-krishnan-mip6-firewall-01"
>>>>> according to the feedback getting at IETF69?
>>>>>
>>>>> My comments are below"
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> 6. Firewall Recommendations for MIPv6
>>>>>> I-D: draft-krishnan-mip6-firewall-01 15 min
>>>>>> Suresh Krishnan
>>>>>> --------------------------------------
>>>>>> * presentation:
>>>>>> - different scenario: firewall protecting HA, MN, CN,
>>>>>> respectively
>>>>>> - recommends which kind of traffic should not be blocked by
>>>>>> firewalls
>>>>>> - Adopt as WG draft?
>>>>>>
>>>>>> * discussion
>>>>>> - hesham: just to clarify, only some firewalls in enterprise
>>>>>> networks block ipsec. Not in public networks
>>>>>> - frank: your solution makes network less safe (let all IPsec
>>>>>> traffic to HA through).
>>>>>> - Suresh: but this is the HA service, you have to let this
>>>>>> traffic through
>>>>>>
>>>>>>
>>>>> Frankly, in practice realm, home agents are very special nodes: 1)
>>>>> only few nodes are charged as home agents within a networks. 2)
>>>>> Home agent is normally functioned as a server or a stationary
>>>>> machine at least, so it is strong enough to protect itself (e.g.
>>>>> Jari mentioned access mechanisms) and not have to rely on the protection of firewall.
>>>>>
>>>>> A firewall that opens few channels for some specified robust nodes
>>>>> do not means to weaken the strength of network security.
>>>>>
>>>>> But in order to prevent the flood attacks, the firewall can
>>>>> constrain the throughput of these channels.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> - Alex: some operators don't want to allow RO due to security weaknessses
>>>>>> - Suresh: that's why we separated rules for RO and for non-RO
>>>>>>
>>>>>>
>>>>> No matter RO or non RO, the issue of IPsec packets through a
>>>>> firewall can not avoid due to home binding update.
>>>>>
>>>>>
>>>>> Any more comments?
>>>>>
>>>>> Regards
>>>>> Qiu Ying
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Roberto Baldessari" <Roberto.Baldessari at nw.neclab.eu>
>>>>> To: <nemo at ietf.org>; <mext at ietf.org>
>>>>> Sent: Tuesday, November 06, 2007 5:18 PM
>>>>> Subject: [MEXT] Nemo/Mext meeting at IETF-70?
>>>>>
>>>>>
>>>>>
>>>>> Hi all,
>>>>>
>>>>> According to the IETF draft agenda, no NEMO nor MEXT WG meeting
>>>>> has been scheduled yet. Are there plans to have one at IETF-70?
>>>>>
>>>>> Concerning the activity on automotive requirements for NEMO RO, we
>>>>> are in the process to update the doc according to the feedback we
>>>>> got at IETF-69 and preparing it to include/unify requirements from
>>>>> both C2C-CC and ISO CALM.
>>>>>
>>>>> Anyway, as (I guess) the contributions from CALM won't be ready in
>>>>> time for IETF-70, I don't have anything against waiting until
>>>>> IETF-71 to present a more complete document. Also, I hope that by
>>>>> then MEXT WG will be actually in place.
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Roberto
>>>>>
>>>>>
>>>>> ================================================
>>>>> Roberto Baldessari
>>>>> Research Scientist
>>>>> NEC Laboratories, Network Division, NEC Europe Ltd.
>>>>> Kurfuerstenanlage 36, D-69115 Heidelberg
>>>>> Tel. +49 (0)6221 4342-167
>>>>> Fax: +49 (0)6221 4342-55
>>>>> e-mail: roberto.baldessari at nw.neclab.eu
>>>>> web: http://www.netlab.nec.de/
>>>>>
>>>>> NEC Europe Limited | Registered Office:
>>>>> NEC House, 1 Victoria Road, London W3 6BL Registered in England
>>>>> 2832014 ================================================
>>>>>
>>>>> _______________________________________________
>>>>> MEXT mailing list
>>>>> MEXT at ietf.org
>>>>> https://www1.ietf.org/mailman/listinfo/mext
>>>>>
>>>>>
>>>>> ------------ Institute For Infocomm Research - Disclaimer
>>>>> -------------This email is confidential and may be privileged. If
>>>>> you are not the intended recipient, please delete it and notify us
>>>>> immediately. Please do not copy or use it for any purpose, or
>>>>> disclose its contents to any other person. Thank
>>>>> you.--------------------------------------------------------
>>>>> _______________________________________________
>>>>> Mip6-firewall mailing list
>>>>> Mip6-firewall at zeke.ecotroph.net
>>>>> https://zeke.ecotroph.net/mailman/listinfo/mip6-firewall
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Mip6-firewall mailing list
>>>> Mip6-firewall at zeke.ecotroph.net
>>>> https://zeke.ecotroph.net/mailman/listinfo/mip6-firewall
>>>>
>>>
>>> _______________________________________________
>>> Mip6-firewall mailing list
>>> Mip6-firewall at zeke.ecotroph.net
>>> https://zeke.ecotroph.net/mailman/listinfo/mip6-firewall
>>>
>>>
>> ---------------------------------------------------------------------
>> ---
>>
>> _______________________________________________
>> Mip6-firewall mailing list
>> Mip6-firewall at zeke.ecotroph.net
>> https://zeke.ecotroph.net/mailman/listinfo/mip6-firewall
>>
>
> --
> Niklas Steinleitner Tel: +49 551 3913583
> Institute for Informatics steinleitner at cs.uni-goettingen.de
> University of Göttingen http://www.tmg.informatik.uni-goettingen.de
> Lotzestrasse 16-18
> D-37083 Göttingen, Germany
>
>
> ----------------------------------------------------------------------
> --
>
> _______________________________________________
> Mip6-firewall mailing list
> Mip6-firewall at zeke.ecotroph.net
> https://zeke.ecotroph.net/mailman/listinfo/mip6-firewall
_______________________________________________
Mip6-firewall mailing list
Mip6-firewall at zeke.ecotroph.net
https://zeke.ecotroph.net/mailman/listinfo/mip6-firewall
More information about the Mip6-firewall
mailing list