IETF conflict review for draft-touch-tcp-ao-nat
conflict-review-touch-tcp-ao-nat-00

Document history

Date Rev. By Action
2013-05-20  00  Amy Vezza
The following approval message was sent
From: The IESG
To: "Nevil Brownlee" , draft-touch-tcp-ao-nat@tools.ietf.org
Cc: The IESG , , 
Subject: Results of IETF-conflict review for draft-touch-tcp-ao-nat-04

The IESG has completed a review of draft-touch-tcp-ao-nat-04 consistent
with RFC5742.


The IESG has no problem with the publication of 'A TCP Authentication
Option NAT Extension' as an Experimental RFC.


The IESG has concluded that this work is related to IETF work done in WG
TCPM, but this relationship does not prevent publishing.


The IESG would also like the RFC-Editor to review the comments in the
datatracker related to this document and determine whether or not they
merit incorporation into the document. Comments may exist in both the
ballot and the history log.

The IESG review is documented at:
http://datatracker.ietf.org/doc/conflict-review-touch-tcp-ao-nat/

A URL of the reviewed Internet Draft is:
http://datatracker.ietf.org/doc/draft-touch-tcp-ao-nat/

The process for such documents is described at
http://www.rfc-editor.org/indsubs.html

Thank you,

The IESG Secretary



2013-05-20  00  Amy Vezza  IESG has approved the conflict review response
2013-05-20  00  Amy Vezza  Closed "Approve" ballot
2013-05-20  00  Amy Vezza  State changed to Approved No Problem - announcement sent from Approved No Problem - announcement to be sent
2013-05-16  00  Cindy Morgan  State changed to Approved No Problem - announcement to be sent from IESG Evaluation
2013-05-16  00  Gonzalo Camarillo  [Ballot Position Update] New position, No Objection, has been recorded for Gonzalo Camarillo
2013-05-15  00  Spencer Dawkins
[Ballot comment]
This is the lamest comment in the history of conflict reviews, but I found the title, "A TCP Authentication Option NAT Extension", confusing (we're extending TCP-AO, not NATs). The abstract is much clearer:

  This document describes an extension to the TCP Authentication
  Option (TCP-AO) to support its use over connections that pass
  through network address and/or port translators (NATs/NAPTs).

Not a big deal, but perhaps this could be considered as the document moves through the process.
2013-05-15  00  Spencer Dawkins  [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2013-05-15  00  Richard Barnes  [Ballot Position Update] New position, No Objection, has been recorded for Richard Barnes
2013-05-13  00  Stewart Bryant
[Ballot comment]
I checked with the IDR and SIDR WGs and no concerns were raised. I have hence cleared my Discuss.

There was one technical comment which I pass to the author for his consideration:

  >> TCP-AO-NAT SHOULD NOT be used with both flags set in IPv4,
  however, as the result would rely entirely on the ISNs alone.


  The preceding paragraph says that the ISNs alone provide most of the randomness ("KDF input randomness is thus expected to be dominated by that of the ISNs") so the justification for the sentence quoted above isn't obvious.
- RFC5389 is all very well, and broadly related to the topic. But the citation is provided without context, or more accurately, it's cited out-of-context. I was expecting to go look at RFC5389 to find out something useful about localNAT and remoteNAT, but no.
2013-05-13  00  Stewart Bryant  [Ballot Position Update] Position for Stewart Bryant has been changed to No Objection from Discuss
2013-04-25  00  Cindy Morgan  Telechat date has been changed to 2013-05-16 from 2013-04-25
2013-04-25  00  Stewart Bryant
[Ballot discuss]
I am sorry for the late Discuss.

I would like to check with the SIDR and IDR WGs to see if this has any implications for their protocols.
2013-04-25  00  Stewart Bryant  [Ballot Position Update] Position for Stewart Bryant has been changed to Discuss from No Objection
2013-04-25  00  Joel Jaeggli  [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2013-04-25  00  Benoît Claise  [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2013-04-25  00  Stephen Farrell
[Ballot comment]

I wondered if it'd be worth adding some security
consideration text about possible attacks that might be
enabled by this if e.g. there's a load balancer on the NAT'd
end with different devices behind the NAT having the same
master key - presumably a bad actor might be able to
re-direct or replay some traffic even if there's a low
probability that that'd not be detected unless a large
amount of traffic is re-directed or replayed. Not sure if
the attack is practical though, I guess it'd need a sequence
number collision.
2013-04-25  00  Stephen Farrell  [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell
2013-04-25  00  Ted Lemon  [Ballot Position Update] New position, No Objection, has been recorded for Ted Lemon
2013-04-25  00  Sean Turner
[Ballot comment]
No objection to the draft, but I am curious whether the clients will know they're behind a NAT or whether all clients will end up setting this all the time.
2013-04-25  00  Sean Turner  [Ballot Position Update] New position, No Objection, has been recorded for Sean Turner
2013-04-24  00  Martin Stiemerling  Removed telechat returning item indication
2013-04-24  00  Jari Arkko  [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2013-04-24  00  Barry Leiba  [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba
2013-04-24  00  Pete Resnick  [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick
2013-04-24  00  Stewart Bryant  [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant
2013-04-23  00  Adrian Farrel  [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel
2013-04-23  00  Martin Stiemerling  [Ballot Position Update] New position, Yes, has been recorded for Martin Stiemerling
2013-04-23  00  Martin Stiemerling  Created "Approve" ballot
2013-04-23  00  Martin Stiemerling  State changed to IESG Evaluation from AD Review
2013-04-23  00  Martin Stiemerling  New version available: conflict-review-touch-tcp-ao-nat-00.txt
2013-04-11  00  Jari Arkko  Telechat date has been changed to 2013-04-25 from 2013-04-11
2013-04-11  00  Jari Arkko  State changed to AD Review from Needs Shepherd
2013-04-11  00  Jari Arkko  Martin has agreed to take on this document.
2013-04-11  00  Jari Arkko  Shepherding AD changed to Martin Stiemerling
2013-04-10  00  Cindy Morgan
The draft draft-touch-tcp-ao-nat-04
is ready for publication from the Independent Stream.
Please ask IESG to review it, as set out in RFC 5742.

The following is some background for this draft, please forward it
to IESG along with this request ...

Its abstract says:
This document describes an extension to the TCP Authentication
Option (TCP-AO) to support its use over connections that pass
through network address and/or port translators (NATs/NAPTs). This
extension changes the data used to compute traffic keys, but does
not alter TCP-AO's packet processing or key generation algorithms.

It was reviewed by Brian Carpenter; its author (Joe Touch) published
this -04 version, which has addressed the issues Brian raised.

Thanks, Nevil (ISE)

--
Nevil Brownlee (ISE), rfc-ise@rfc-editor.org
2013-04-10  00  Cindy Morgan  Placed on agenda for telechat - 2013-04-11
2013-04-10  00  Cindy Morgan  IETF conflict review requested