[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Revised drafts -- Arch, AH, ESP

To: bsimpson@morningstar.com
Subject: Re: Revised drafts -- Arch, AH, ESP
From: Karen Seo <kseo@bbn.com>
Date: Tue, 14 Jul 98 2:41:48 EDT
cc: iesg@ietf.org, ipsec@tis.com, kseo@bbn.com
Sender: owner-ipsec@ex.tis.com

Hello Bill,

>>....  I just thought I ought to tell you, since this error affects the
>>work of so many other IETF WGs.

	Since your email is addressed to the IESG (and cc'd to ipsec),
	presumably your comments are intended for the IESG.  However,
	just in case your feedback is intended primarily for the IPsec
	community and/or document editors, I've attached the rationale
	for this change below....  In short, the note was intended to
	address Thomas Narten's question/recommendation.  Charlie Lynn
	didn't hear back from any routing experts or other IETF folks so
	we went ahead with Thomas Narten's proposal (per Ted's direction
	on 5/22).

Thank you,
Karen


[From email to ipsec community from Ted Ts'o on 5/22/98]

>From: Thomas Narten <narten@hygro.raleigh.ibm.com>
>To: iesg@ietf.org
>Date: Fri, 24 Apr 1998 17:55:25 -0400
>Subject: Re: Ballot: Security Architecture for the Internet Protocol to Proposed Standard 
>......
>Text relating to decrementing TTL of inner header of encapsulated
>packet needs clarification.  Text should be clarified to say TTL
>decremented only if packet was forwarded (i.e., the forwarding
>operation is what decrements the TTL, not the fact that a complete IP
>packet is being encapsulated again upon entry to an IPSec tunnel). If
>packet originates from node, TTL is left unchanged. This is consistent
>with the current general practice of when to decrement TTLs, and some
>aspects of IPv6 protocols (i.e, ND) depend on it.

   My understanding is that everyone is implementing this anyway.
   Thomas in a later message suggested the following clarification, to
   be added after the text which described when the TTL in the inner
   header should be decremented:

	   Note: The decrementing of the TTL is one of the usual
	   actions that takes place when forwarding a packet. Packets
	   originating from the same node as the encapsulator do not
	   have their TTLs decremented, as the sending node is
	   originating the packet rather than forwarding it.

   Charile Lynn has sent mail dissenting, claiming that it would be a
   bad thing to do this since it would imply that this would imply that
   IPSEC tunnels change the Internet Routing Topology, and if so, they
   might have to conform to all requirements for Internet Routers.  (I
   don't think that's the case today for normal IP-IP tunnels, is it?)

   Not clear what's the best way to resolve it.  If Charlie is right
   that this has some bad architectural implications, can we please get
   some Internet Routing experts to explain to us exactly what the
   problem is please?  (and quickly).

   If my sense that everyone is implementing it the way Thomas and what
   apparently what most of the IPV6 working group wants, then we might
   as well document that in the spec.  My instincts are to document what
   people are actually implementing and shipping as products, and if
   it's a problem we can fix it later.  This is *only* a proposed
   standard folks ---- we don't have to wait until it is perfect (and
   the technology obsolete) before we ship it.

.......

Prev by Date: Re: Revised drafts -- Arch, AH, ESP
Next by Date: Re: Revised drafts -- Arch, AH, ESP
Prev by thread: Re: Revised drafts -- Arch, AH, ESP
Next by thread: Re: Revised drafts -- Arch, AH, ESP
Index(es):
- Main
- Thread