Toerless Eckert <[email protected]> wrote: > Anyhow. let me just list what i think is necessary to fi up the GRASP so it works > for both TLS and IPinIP.
You seem to write TLS in a few places where TCP is actually called for.
To be more precise, it's static 1:1 destination NAT66, aka "port-forward"
> e) Add at end of 4.1.1 suggested text:
> The transport-proto of the locator-option indicates the mechanism(s)
> supported by the proxy to the pledge. IPPROTO_TCP indicates the
> mandatory ANI TLS circuit proxy. IPPROTO_IPV6 indicates the optional
> IPinIP proxy, see Appendix C. IPPROTO_UDP would indicate a future
> CoAP mechanism, see Section 4.2. For IPPROTO_IPV6, proto-number
> MUST be 0.
> The above example shows a proxy supporting both ANI TLS circuit proxy
> and IP in IP proxy.
This would seem to be the only needed text to me.
> b) Please consider improving the example as above for 4.1.1:
> - lead in text for example
> - example title
> - [ [ objective, locator-option ] ] structure fix
> - Ideally also include both TLS and IPinIP options in example
> Also:
> - I find the use of port 80 in the example highly confusing given how
> the TCP connection MUST use TLS. Please change to AB80 (anything but
> 80).
okay.
> So, your full example locators with objectives would be:
> [["AN_join_registrar", 4, 255], [O_IPv6_LOCATOR, fd45:1345::6789, 6,
443]] ]
> [["AN_join_registrar", 4, 255], [O_IPv6_LOCATOR, fd45:1345::6789, 17,
5683] ]
> [["AN_join_registrar", 4, 255], [O_IPv6_LOCATOR, fe80::1234, 41, 0] ]
> Is this join registrar supporting ANI TLS proxy ?
> Aka: i can't distinguish for the TCP locator whether it just indicates
> a permitted TCP port for the IPinIP proxy or whether it indicates
> the TCP port supported for IPinIP. And even if the proxy supports both,
> its not clear to me that the TCP ports for "native" would be the same as
> for IPinIP. Maybe its different code-paths == different ports.
I'm sorry, I don't even understand the problem.
Maybe someone else can translate for me.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
