Agenda bashing (Jari)
--------------

IPv4-IPv6 co-existence work (Jari)
---------------------------

Jari presents.

IETF Interim -- Malta (Jari)
---------------------

Jari: Raise your hand if you plan to attend the meeting and haven't
raised your hand in behave: 1

Raise your hand if you plan to attend remotely if you haven't raised
your hand in Behave WG: 2.5

Charlie: We have general meeting already and that adds more travel
requirements....

Unknown: Have we considered adding more time to an existing meeting?

Mark: We did that already on Friday.

Jari: Do I have to be away two weeks from home.

Pete: There are two jabber participants that would like to participate
remotely.


Tunnel Issues (Joe Touch)
IPv4 ID Uniqueness (Joe Touch)
------------------------------

http://tools.ietf.org/html/draft-touch-intarea-ipv4-unique-id
http://tools.ietf.org/html/draft-touch-intarea-tunnels

Update on drafts, request for feedback
- Relationship to tunnel security
  = separate vs. integrating
  = don't want a 500 pg document

- IPv4 ID Uniqueness
  = If the source has NOT fragmented the packet,
    should "ignore" the IPv4_ID field
  = Updating document as standards track!
  = Brings IPv4 ID in line with IPv6 frag field
  = Including context & implications
  = Fixed IDs already occurring (e.g. cellphones)
  = Can't reuse unused bits
  = May help ROHC if known
  = Can't rely on fields being unique if wrapped.

Suresh: Thinks the v6 way is one thing, but in v4 there's an ID that
makes it easier for a node to fragment

Joe: V6 does only frgamentation on end-point. There's no good reason
to do it different from v6 since we're trying to transition. If you do
fragmentation in the middle there's a risk that receiver reassemble
fragment that are not from the same packets. We suggest to use similar
mechanism as PMTUD / ICMP packet too big.

Fred Templin: The ID serves as some sort of nonce. In the ICMP error
you might only get back 8 biytes of the transport header that wouldn't
let you figure out which packet triggered the error.

Joe: Already many stacks send back as many bytes as they can in the
ICMP error.

Jari: With the tunneling doc we need more reviews before we can send
the document for publication.


Security concerns with tunneling (Dave Thaler)
--------------------------------
http://tools.ietf.org/html/draft-ietf-v6ops-tunnel-security-concerns
http://www.ietf.org/proceedings/08jul/slides/v6ops-5.pdf

Earlier discussed in the context of Teredo, but this is actually a
more general problem.

- Started off to be about Teredo, even before Dave got to it.
- As of Dublin, it was no longer even a v6ops document, but since
  the update did not happen that is still in the name.
- Security devices often do packet expectation.
- "If" tunnels bypass the mechanism ==> admins hate them
- Admin preference: don't automatically "tunnel through"
  a "managed network".  But how dow we know?
- Terminating at the boundard of a managed network is O.K.
- Should prefer native functionality (?vs. tunneled funct?)
- How can the tunneled data packet be identified?
  = protocol #/port #/tunnel server addr.(!)/do the work
    [but these can produce false positives, ...]
- Not dropping is seen to "increase the exposure" of,
  say, the firewall
- Exposure of a NAT hole
  = NAT mappings kept stable means more discoverable
  = External address/port may be easy to learn from the
    client's inner address which may be in DNS, p2p, etc.
  = Tunneled packets seen by more parties (on average)
- Public Tunnels "widen holes"
  = some devices only allow packets from previous destinations
  = may eliminate the "need" for the attacker to spoof
  = recommend only when needed
  = consider whether should do stateful filtering
- Guessing addresses (v6 is usually harder)
  = but well-known addresses
  = try to use popular server addresses (google)
  = some address bits are ususally the same
- Profiling targets
  = knowing host platform helps target attacks
  = e.g., knowing if NAT is a Cone NAT.
  = This applies to MAC-generated addresses
- Source routing [RFC 5095]
- Mark: Combine with Joe's document?
- Joe Touch: could be sent as a pair.  There are other security
  considerations that are needed and not in Dave's document. You might
  tweak the title, because it really has to do with devices on the
  ingress and the egress interacting with the tunnel.
- Brian Carpenter: draft is a lot more negative than
  the talk; could be used as an excuse to block a
  lot of IPv6 tunnels.
- Mark: maybe we also need how to make tunnels work,
  not just what is wrong with them.


Tunnel Loops and Its detection (Mohana)
------------------------------
http://tools.ietf.org/html/draft-ng-intarea-tunnel-loop-00.txt

A new issue, brought up in the mobility context but also
a generic issue.

- <description of how tunnel loops can be formed.
- increases overhead; packet will be routed indefinitely.
- existing solutions: GRE 3-bit recursion field,
                      RFC 2473 TEL option
- Proposal: add an identifier to the tunnel header
  = Could be TEL field, GRE field, GRE key

Joe: The counters don't differentiate b/w ... What is identified by
the tunnel IDs?

Mohanna: The tunnel IDs identifies the entry point.

Hesham: I thought the IDs were identifying the packets.

Ahmad: I have doubt that this is possible using MIPv6 because the last
binding to the HA will never make it to the HA and will be dropped.
The inner packet has to have the source address...

Mohanna: ...

Ahmad: We can discuss that further... but I still don't understand how
that can happen with Mobile IPv6

Mark: Can I generate this comment as all these tunnels are created by
control protocols, and if these control protocols are doing their jobs
this won't happen.

Ahmad: Yes.

Mark: It would be sueful to know if this is really about robustness,
somehow something got mis-setup, and you want to recover from that,
versus this is something dynamic where you want to detect that and
react. This picture I'd argue there was a misconfiguration. You have
multple domains and one domain doesn't know what the other domain is
doing.

XXX: I have a question about the ID you're using. You're adding an ID
for every tunnel entry point a packet crosses?

Mohanna: No, only the first time.

XXX: If I get in a situation where I remember all the tunnel IDs where
I go thru then the router has to go thru all the list of tunnel IDs
that were recorded.

Mark: We're running out of time, I think the problem statement needs
more work before we talk about solutions. The solution there are
pretty heavyweight.

Jari: If you have comment on the problem, not the solution, please
make it quickly.

Lars: If you have TTL and the source address, you can detect the loop.

Joe: You don't look at the TTL until you decapsulate. The second thing
that worries me is when you encrypt. The tunnel encrypters are willing
to send the ID in clear that allows you to do trace detection.

XXX: Look at RFC XXX, its much more general, what you have here is
only a subset.

Suresh: We have presented this issue in MEXT and people says there's
no issue. There's an additional issue of MIPv6 letting you send BU
from a topologically incorrect address.

Hesham: I don't think there's much work to do to present the problem,
the hard part is actually finding a solution that works.

Fan Zao: ...

XXX: This is an infrastructure problem that can be solved thru OAM.


Extending ICMP for Interface and Next-Hop Identification (Alia Atlas)
--------------------------------------------------------
http://tools.ietf.org/html/draft-atlas-icmp-unnumbered

Checking agreement in the group for the last

     - WG last call results: clean-up, fixed bug related
       to the encoding order
     - Added mechanism to include next-hop address
     - merges infor from watkins-icmptype11code0
     - NAT interactions: external realm address unchanged
     - ready for WG last call


UDP traceroute extensions (Rajiv Asati)
-------------------------

http://tools.ietf.org/html/draft-shen-udp-traceroute-ext

     - Problem: no "options" in UDB header
     - more ICMP extensions (RFC 4884) being defined
     - no authentication of traceroute probe
     - no mechanism to request particular extensions
     - Goal: provide method for UDP traceroute that
       can be authenticated and with particular extensions
       and so it is backwards compatible way.
     - Basic idea: extensions after legacy data
     - New extensions: header/auth/info-request fields
     - reserve lowest 4 bits of UDP source port to
       contain the original length!
     - packet formats for the three header/auth/info-request fields
     - looking for feedback

Alia: The idea of being able to authenticate/verify the requester is
really interesting, that's very nice, but I don't agree with the
solution.

Mark: If you have load balancer you're going to spread these UDP
packets all around, I'm a little worried too.

Rajiv: The proposal doesn't really break anything, application should
whatever UDP port.

Ron Bonica: An alternative would be to...

Private addresses (Yoshihiro Shirasaki)
-----------------

http://tools.ietf.org/html/draft-shirasaki-isp-shared-addr

     - Routing Issue of private address: packet 10.0.0.12 does
       not know where to go.
     - How large address space is needed?
     - One /8 may not be enough, but four /8s might be too much.
     - CGN NAT444 needs address.. working group draft?
     - If this proposal is not passed, IPv4 depletion comes sooner.
 
Mark: The CGN 44NAT is something that wasn't chartered in softwire or
behave, it was carefully not charteerd. When we're going to charter,
we need to understand if we can use 1918 space. Akihiro says it's
impossible, and has some evidence. That's my evidence. We won't be
deciding today.

Tim Shepard: If I'm hooked to two different ISPs, you have to figure
out which way to go... But this introduces the situation where you
have an address that can be...

Mark: You get the same thing with 1918. This is the general
problem. We're asking about the specific issue.

Alain: This is a bad idea. It only works for some of the providers,
and is essentialy giving special treatment to providers with a given
size.

James Woodwyat: You're asking for bigger address space to do NAT444,
while at the same time you refuse to give customer addresses to deploy
6to4...

Dave Thaler: If the IETF would backo

Marc Blacnhet: I understand the idea, I like the idea, however the
side effect would just make everybody starting to use 10.x, it would
make the private address space larger.

Mark: This is address space shared by ISPs.

Marc: How do you enforce that.

Mark: In the same way that NATs don't give global addresses in the
inside, because that wouldn't work.

Jari: I'm concerned that if double NAT requires additional address
space, then what happened with triple NAT, will we need more address
space. I'm afraid that is not solving the problme.

James Woddwyat: Why can't you pool the existing allocation you got and
use them as share them as shared addresses.

Mark: RIR wanted to do that, and APNIC said they should ask first to
IETF, thus we should decide here instead of pointing finger back.

James: Is there a techincal objection in doing it in the way I propose
or is it political issue.

Presenter: It is possible but better in that way.

James: What makes it better techincally.

Remi D-C: ...

Tony Hain: Every provider has to go to get space. If they would go
together it would reduce depletion rate... I have a solution, allocate
all the remaining address space to that.

Arifumi Matsumoto: Doing this within two years in operational point of
view is impossible...