Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP
Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Sat, 22 September 2007 14:24 UTC
Return-path: <apps-review-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IZ5ub-0003Ca-Q0; Sat, 22 Sep 2007 10:24:49 -0400
Received: from apps-review by megatron.ietf.org with local (Exim 4.43) id 1IZ5ua-0003CV-KF for apps-review-confirm+ok@megatron.ietf.org; Sat, 22 Sep 2007 10:24:48 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IZ5ua-00035f-Ad for apps-REVIEW@ietf.org; Sat, 22 Sep 2007 10:24:48 -0400
Received: from mail.gmx.net ([213.165.64.20]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1IZ5uP-0006nk-0g for apps-REVIEW@ietf.org; Sat, 22 Sep 2007 10:24:38 -0400
Received: (qmail invoked by alias); 22 Sep 2007 14:24:20 -0000
Received: from p54987604.dip.t-dialin.net (EHLO [192.168.1.4]) [84.152.118.4] by mail.gmx.net (mp018) with SMTP; 22 Sep 2007 16:24:20 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX180r8pEg2k0M2miYfoEEjY7MZr9diIP1kP9eqcUfa AzqqyTjsP7Qfa+
Message-ID: <46F52594.305@gmx.net>
Date: Sat, 22 Sep 2007 16:24:20 +0200
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Barry Leiba <leiba@watson.ibm.com>
Subject: Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP
References: <46E93396.2090003@gmx.net> <F6E2234BBB9D34C94306BF50@446E7922C82D299DB29D899F> <46F4E31A.2050700@gmx.net> <3EF861EB9E7E71DCF1B32820@Uranus.local>
In-Reply-To: <3EF861EB9E7E71DCF1B32820@Uranus.local>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 82c9bddb247d9ba4471160a9a865a5f3
Cc: apps-REVIEW@ietf.org
X-BeenThere: apps-review@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Applications Review List <apps-review.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/apps-review>, <mailto:apps-review-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/apps-review>
List-Post: <mailto:apps-review@ietf.org>
List-Help: <mailto:apps-review-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/apps-review>, <mailto:apps-review-request@ietf.org?subject=subscribe>
Errors-To: apps-review-bounces@ietf.org
Hi Barry, Barry Leiba wrote: >> I am not sure whether the separate port number idea will find a lot of >> excitement since the downside is that a network operator that just >> does not >> care about the specific protocol (even through he does not mind >> allowing end >> hosts to run it) will essentially block it. > > Hannes, I'm not sure I understand what you're saying here, so maybe > you should explain more. What I read it as saying is that you don't > like using a separate port because you *want* to sneak through > firewalls without telling the firewall administrators. There be > dragons, and that was Chris's point. A protocol that looks like HTTP > but is used for a different purpose should be on a different port. > > Actually, I've had this argument with people within my company too, > and it might be that we aren't clear about what the port-number list > *is*: it should be more like a list that maps *applications*, rather > than *protocols*, to ports. In most cases, that's the same. But with > SMTP and HTTP, at least, it's not. > I agree that it would be nice to allow administrators to make these type of decisions. In other areas in the IETF folks also had the idea that the network administrators are going to configure their networks in such a way that the protocols would work. SIP and NAT/Firewall traversal is a good example. It took a while to realize that this is not a good approach. DSKPP is an application layer protocols that allows an end point to retrieve keying material for usage with other protocols. Typically, the client on an end host will interact with a server in it's home network. If I am in a hotel network and want to obtain new keying material for usage with my VPN client and the network administrator of the hotel network does not know the port number used by DSKPP then it might happen that I just cannot use the protocol. Now, there are also other protocols flying around in this space; actually a large number of protocols in this identity management space that happen to run on top of HTTP without using an additional port (at least to my knowledge). I don't see why these protocol should work in all environments (where HTTP traffic is allowed to bypass a middlebox) but a protocol developed within the IETF isn't just because there is this idea of a "clean architecture". Does my reasoning make sense to you? Ciao Hannes > Barry _______________________________________________ APPS-REVIEW mailing list APPS-REVIEW@ietf.org https://www1.ietf.org/mailman/listinfo/apps-review
- [APPS-REVIEW] Review of HTTP Binding for DSKPP Hannes Tschofenig
- [APPS-REVIEW] Review of HTTP Binding for DSKPP Hannes Tschofenig
- [APPS-REVIEW] Re: Review of HTTP Binding for DSKPP Hannes Tschofenig
- Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP Chris Newman
- Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP Hannes Tschofenig
- Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP Julian Reschke
- Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP Hannes Tschofenig
- Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP Julian Reschke
- Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP Barry Leiba
- Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP Hannes Tschofenig
- Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP Hannes Tschofenig
- Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP Julian Reschke
- Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP Hannes Tschofenig
- Re: [APPS-REVIEW] Review of HTTP Binding for DSKPP Chris Newman
- RE: [KEYPROV] Re: [APPS-REVIEW] Review of HTTP Bi… Hallam-Baker, Phillip
- RE: [KEYPROV] Re: [APPS-REVIEW] Review of HTTP Bi… Chris Newman
- Re: [KEYPROV] Re: [APPS-REVIEW] Review of HTTP Bi… Mark Nottingham
- RE: [KEYPROV] Re: [APPS-REVIEW] Review of HTTP Bi… Hallam-Baker, Phillip
- RE: [KEYPROV] Re: [APPS-REVIEW] Review of HTTP Bi… Hallam-Baker, Phillip
- Re: [KEYPROV] Re: [APPS-REVIEW] Review of HTTP Bi… Julian Reschke
- RE: [KEYPROV] Re: [APPS-REVIEW] Review of HTTP Bi… Hallam-Baker, Phillip