On Sun, Mar 19, 2006 at 04:17:24PM -0800,
william(at)elan.net [EMAIL PROTECTED] wrote
a message of 92 lines which said:
Either all submissions are rejected due to load or none.
I disagree. Even with good and honest engineers, there are enough
people in the world to overload the IESG. But
On Sun, Mar 19, 2006 at 01:46:30AM -0800,
Mohsen BANAN [EMAIL PROTECTED] wrote
a message of 73 lines which said:
In general, I consider the garbage that IESG puts in non-IETF RFCs
as a badge of honor for the author.
For example, the negative IESG note in the original HTTP specs and
the
On Sat, Mar 18, 2006 at 02:09:47PM -0800,
Hallam-Baker, Phillip [EMAIL PROTECTED] wrote
a message of 163 lines which said:
The Internet has a signalling layer, the DNS. Applications should
use it. The SRV record provides an infinitely extensible mechanism
for advertising ports.
I agree
On Sun, Mar 19, 2006 at 12:42:17PM -0800,
Ned Freed [EMAIL PROTECTED] wrote
a message of 35 lines which said:
The privileged port concept has some marginal utility on multiuser
systems where you don't want Joe-random-user to grab some port for a well
known service.
had, not has. The concept was
Title: Re: Guidance needed on well known ports
Refusing new registrations is what I meant by closing the registry.
Of course it is not possible to change the way deployed systems work retrospectively.
The question was about a new protocol.
We are about to see several thousand new web
Title: Re: Complaints Against The IESG and The RFC-Editor About Publication of RFC-2188 (ESRO)
The comments on http are rather amusing when you consider we spent the next five years trying to act on them.
At the time the CERN connection to the internet was a T1. Everyone including Tim
Title: Re: Guidance needed on well known ports
Dns is essential already.
Firewalls can cope
-Original Message-
From: Joe Touch [mailto:[EMAIL PROTECTED]]
Sent: Sun Mar 19 21:02:42 2006
To: [EMAIL PROTECTED]; ietf@ietf.org; netconf@ops.ietf.org
Subject: Re: Guidance needed on well
Title: Re: Guidance needed on well known ports
Two points here.
First, I totally agree with Phillip that closing
the registry is the right direction to head. It would be lovely if this became a
consideration in new protocol work at the IETF. I'm not sure how quickly we can
actually close
Stephane Bortzmeyer wrote:
It is true that the IESG Notes in RFC 1945 and RFC 1630 are quite
embarrassing for the IETF today but you are not Tim Berners-Lee. For
one genius who had trouble being recognized at the beginning, there
are thousands of monkeys-with-keyboards who are rightly ignored.
Refusing new registrations is what I meant by closing the registry.
This would be a disaster. It would mean that application designers
would just pick ports at random (some do this already) and there would
be no mechanism for preventing conflicts.
Regarding SRV, it's not acceptable to
Dns is essential already.
false. but even to the extent that this is true, this is a bug, not a
feature.
Firewalls can cope
but new applications can't.
Keith
___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
All -
Information on the audio from the rooms can be found at:
http://videolab.uoregon.edu/events/ietf/
or you can go to http://www.ietf65.org and find a link to
the audio services on the top level page.
--
Lucy E. Lynch Academic User Services
Computing Center
Stephane Bortzmeyer wrote:
On Sun, Mar 19, 2006 at 12:42:17PM -0800,
Ned Freed [EMAIL PROTECTED] wrote
a message of 35 lines which said:
The privileged port concept has some marginal utility on multiuser
systems where you don't want Joe-random-user to grab some port for a well
known service.
Lucy E. Lynch wrote:
All -
Information on the audio from the rooms can be found at:
http://videolab.uoregon.edu/events/ietf/
or you can go to http://www.ietf65.org and find a link to
the audio services on the top level page.
Could someone please place a link to this info on
On Mon, 2006-03-20 at 12:09 +0100, Stephane Bortzmeyer wrote:
Ned Freed [EMAIL PROTECTED] wrote:
The privileged port concept has some marginal utility on multiuser
systems where you don't want Joe-random-user to grab some port for a well
known service.
had, not has. The concept was invented
In general I agree with Phillip but not in this case due to the risks of
circular dependencies.
Eliot
Stephane Bortzmeyer wrote:
On Sun, Mar 19, 2006 at 12:42:17PM -0800,
Ned Freed [EMAIL PROTECTED] wrote
a message of 35 lines which said:
The privileged port concept has some marginal utility on multiuser
systems where you don't want Joe-random-user to grab some port for a well
known service.
Hi,
I guess some people not in Dallas may have missed the news of the freak
local flooding here.
I was downtown with three colleagues and tried to come back to the hotel
around 5.30pm Sunday and hit the huge traffic jam. Our taxi couldn't cross
the freeway to the hotel side because the police
Ned Freed wrote:
But does that student have access to the root account on servers which
are part of the networking infrastructure? Who cares if Joe User
blows up his own config. on a PC that nobody else depends on but Joe?
But if nobody has local access to these servers, why is it is
Sounds to me like this comes under the Transport Area - at least
as far as flooding control is concerned. Avoidance of flooded
paths, on the other hand, might be a routing Area problem.
-- -Original Message-
-- From: Steven M. Bellovin [mailto:[EMAIL PROTECTED]
-- Sent: Monday, March
In case it wasn't intuitively obvious by the half submerged cars on the
access roads yesterday, driving through standing water is very
dangerous. And so is wading through it.
Eliot
Sounds a lot more like a distributed denial of service attack
to me.
Mike
Gray, Eric wrote:
Sounds to me like this comes under the Transport Area - at least
as far as flooding control is concerned. Avoidance of flooded
paths, on the other hand, might be a routing Area problem.
...
Hallam-Baker, Phillip wrote:
The comments on http are rather amusing when you consider we spent the next
five years trying to act on them.
At the time the CERN connection to the internet was a T1.
Er, the CERN connection to the NSFnet was a T1, or possibly an E1 by then.
CERN had much
Transport over flooded routes. Sounds like a plenary topic to me.
John
- original message -
Subject:RE: Venue requirements - canoe?
From: Gray, Eric [EMAIL PROTECTED]
Date: 03/20/2006 4:14 pm
Sounds to me like this comes under the Transport Area - at least
as far as flooding
Send text, please ;-)
Regards,
Jordi
From: Tim Chown [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 20 Mar 2006 16:05:45 +
To: ietf@ietf.org ietf@ietf.org
Subject: Venue requirements - canoe?
Hi,
I guess some people not in Dallas may have missed the news of the
you shouldn't allow unrestricted access to the network from unmanaged
hosts, that's a recipe for disaster.
no, what's a disaster is to use source IP addresses or port numbers as
an indication of trustworthiness on any network that extends beyond a
single room. the notion that you can manage
Title: Re: Guidance needed on well known ports
I concur.
On the firewalls issue I see no problem moving from port numbers to a coherent architected alternative.
What we should fear is the emergence of numerous ad hoc schemes because nobody proposed an acceptable common architecture. I am
Ned Freed wrote:
Stephane Bortzmeyer wrote:
On Sun, Mar 19, 2006 at 12:42:17PM -0800,
Ned Freed [EMAIL PROTECTED] wrote
a message of 35 lines which said:
The privileged port concept has some marginal utility on multiuser
systems where you don't want Joe-random-user to grab some port for a
- Conclusion 2: There is no reason for standards to uphold the
distinction between <1024 and >1024 any more.
I agree that the requirement on UNIX-like systems to be root in order
to bind to ports <1024 is, in hindsight, a Bad Idea - but mostly
because of insufficient privilege granularity. I
Title: Re: Guidance needed on well known ports
The idea of requiring a privilege to access certain ports can have utility.
The idea of requiring root in a monolithic two level system like unix is a very bad one indeed. Http and smtp servers should not run as root. Forcing them to is bad
We have to work with what we have here, that unfortunately means original dns
plus the srv record.
I never cease to be amazed at people who insist on taking things that
basically work fairly well and replacing them with more complex
mechanisms that are known to work more slowly and less
[EMAIL PROTECTED] Guerilla Party Events for Monday
The IETF turned 20 this year. Besides the social, there will be a
little partying on the side (guerilla partying) for those who want to
celebrate 20 years of openness in Internet standards development.
**Grey Beard Day**
Today is Grey Beard
Ran,
I could argue with quite a lot of what you say, but
I won't. Cutting to the chase:
RJ Atkinson wrote:
...
The IAB (or possibly ISoc BoT, but more obviously IAB and
not the IESG) ought to be running and driving any process to create
or modify a formal RFC Editor charter, at least as
From: Keith Moore moore@cs.utk.edu
Regarding SRV, it's not acceptable to expect that as a condition of
deploying a new application, every user who wishes to run that
application be able to write to a DNS zone. Most users do not have DNS
zones that they can write to.
Yes.
On Mon, 20 Mar 2006 12:47:46 -0500 (EST), [EMAIL PROTECTED] (Noel
Chiappa) wrote:
Another option, now that I think about it, though, is a TCP option which
contained the service name - one well-known port would be the demux port,
and which actual application you connected to would depend on the
Harald Alvestrand wrote:
Carl Malamud wrote:
Hi Brian -
I agree with the first part (seek multiple proposals when possible
and appropriate). However, we may disagree on the last part
(transparent
as possible). My formulation would be transparent without the
qualifier. Transparent with a
From: Steven M. Bellovin [EMAIL PROTECTED]
Another option, now that I think about it, though, is a TCP option
which contained the service name - one well-known port would be the
demux port, and which actual application you connected to would
depend on the value in the TCP
It's the concept of well-known ports that's broken, not the provision for 65K
ports.
offhand I don't see why we need two kinds of names for services,
because that creates the need for a way to map from one constant to
another - and that mapping causes failures which seem entirely
unnecessary.
Noel Chiappa wrote:
From: Steven M. Bellovin [EMAIL PROTECTED]
Another option, now that I think about it, though, is a TCP option
which contained the service name - one well-known port would be the
demux port, and which actual application you connected to would
depend
...
Hallam-Baker, Phillip wrote:
The comments on http are rather amusing when you consider we spent the next
five years trying to act on them.
At the time the CERN connection to the internet was a T1.
Er, the CERN connection to the NSFnet was a T1, or possibly an E1 by then.
CERN
I was made aware of these comments that in some mysterious way didn't
make their way to my inbox. Sorry for the delay.
Comments in-line;
Stefan Santesson
Program Manager, Standards Liaison
Windows Security
Date: Tue, 28 Feb 2006 10:54:35 -0800
From: Wan-Teh Chang [EMAIL PROTECTED]
To: [EMAIL
Ned Freed wrote:
But does that student have access to the root account on servers which
are part of the networking infrastructure? Who cares if Joe User
blows up his own config. on a PC that nobody else depends on but Joe?
But if nobody has local access to these servers, why is it is
Joe Touch wrote on Monday 20 March 2006:
Hallam-Baker, Phillip wrote:
From: Joe Touch [mailto:[EMAIL PROTECTED]
And with what port would I reach this magical DNS that would
provide the SRV record for the DNS itself?
You use fixed ports for the bootstrap process and only for
The IESG has evaluated a request for an RFC 3683 PR-Action for JFC (Jefsey)
Morfin. Please see the following URL for the corresponding Last Call message
and associated information:
http://www1.ietf.org/mail-archive/web/ietf/current/msg40011.html
There was extensive discussion on the IETF list,
On 17 Mar 2006, at 22:53, Leslie Daigle wrote:
Suggestion? Are they independent submissions, or RFC Editor
contributions? They are clearly not currently IAB, IETF
or IRTF docs...
The crisp distinction between independent submission and
RFC Editor contribution has so far eluded me. If
I need to add a point of information regarding assisted in the text
below. I insisted that the solution support multiple name forms and
that the solution include a backward compatible mechanism as new name
forms are registered. I did offer some guidance during AD Review to
ensure that these
Hallam-Baker, Phillip wrote:
The idea of requiring a privilege to access certain ports can have utility.
The idea of requiring root in a monolithic two level system like unix is
a very bad one indeed. Http and smtp servers should not run as root.
Forcing them to is bad o/s design.
Bind is
Steven M. Bellovin wrote:
On Mon, 20 Mar 2006 12:47:46 -0500 (EST), [EMAIL PROTECTED] (Noel
Chiappa) wrote:
Another option, now that I think about it, though, is a TCP option which
contained the service name - one well-known port would be the demux port,
and which actual application you
Russ,
Thanks for that clarification.
This is what I poorly was trying to communicate.
Stefan Santesson
Program Manager, Standards Liaison
Windows Security
-Original Message-
From: Russ Housley [mailto:[EMAIL PROTECTED]
Sent: 20 March 2006 14:09
To: Stefan Santesson; [EMAIL
From: Harald Alvestrand [mailto:[EMAIL PROTECTED]
The IESG has concerns about this protocol, and expects
this document
to be replaced relatively soon by a standards track document.
The biggest concerns (that I remember) were:
- Over-consumption of IP addresses (fixed by the Host:
Gentlepeople,
Yesterday and this morning, we had an issue for the wired and
wireless networks in the Terminal Room area that prevented IPv4 RAs
from reaching the user devices. This has been resolved and we believe
we have v6 working now everywhere in the network. If anyone is using
the
- Conclusion 2: There is no reason for standards to uphold the
distinction between <1024 and >1024 any more.
I agree that the requirement on UNIX-like systems to be root in order
to bind to ports <1024 is, in hindsight, a Bad Idea - but mostly
because of insufficient privilege granularity.
On Mon, 20 Mar 2006 21:20:04 +0100, Peter Dambier
[EMAIL PROTECTED] wrote:
How bout the NIS portmapper on port 111 and RFC 1057
Most services do not use RPC. Virtually all of our TCP client-server
protocols would run unchanged after connection establishment with
TCPMUX.
On Mon, Mar 20, 2006 at 02:43:11PM -0600, Jim Martin wrote:
Gentlepeople,
Yesterday and this morning, we had an issue for the wired and
wireless networks in the Terminal Room area that prevented IPv4 RAs
from reaching the user devices. This has been resolved and we believe
we have
Err, I meant IPv6 RAs, obviously :-)
Clearly I need more sleep
- Jim
On Mar 20, 2006, at 2:43 PM, Jim Martin wrote:
Gentlepeople,
Yesterday and this morning, we had an issue for the wired and
wireless networks in the Terminal Room area that prevented IPv4 RAs
I'm not disagreeing with anything in this discussion.
However I don't think we need to address this in the discussed document.
The username in the defined domain hint is an account name and not
necessarily a host name. Name restrictions in this case are thus
governed by user name restrictions for
It's been suggested to me that RFC 3639 might be
relevant to this thread.
Brian
The NomCom has been asked to fill the seat on the IAB now vacant as a result
of the resignation of Pekka Nikander from his seat on the IAB. Therefore,
the NomCom is accepting nominations for a seat on the IAB, to fill the
remaining one year of the term of the vacant IAB seat. Nominations will
The IAB Job Description (on the referenced webpage) is informative,
but very generalized. Given that NomCom just finished recommending the
new slate of IAB members for 2006, I am hoping you could provide some
additional (e.g. more specific) guidance on unique skills or technical
The FAQ at www.ietf65.org says:
Is there free wired Internet access in the hotel rooms?
No.
While http://www.ietf.org/meetings/hotels_65.html says:
** Attendees with reservations within the IETF room block will
receive complimentary high speed Internet, local
Are they talking about two different SSID's?
-Scott
On 03/20/06 at 7:24pm -0500, Sam Weiler [EMAIL PROTECTED] wrote:
The FAQ at www.ietf65.org says:
Is there free wired Internet access in the hotel rooms?
No.
While http://www.ietf.org/meetings/hotels_65.html says:
**
When I checked in they told me I would have free in-room
internet access.
I used it Saturday evening/Sunday morning and by Sunday eve,
I did not yet see a charge on my account, so I guess it WAS/IS
indeed free.
Bert
-Original Message-
From: Sam Weiler [mailto:[EMAIL PROTECTED]
Sent:
On Mon, 2006-03-20 at 11:51 -0500, Keith Moore wrote:
you shouldn't allow unrestricted access to the network from unmanaged
hosts, that's a recipe for disaster.
no, what's a disaster is to use source IP addresses or port numbers as
an indication of trustworthiness on any network that
Yesterday I had a discussion with Bernard Aboba about PANA. I think
that Bernard was talking to me because of my involvement in IEEE
802.11i. It appears to me the PANA WG has a major problem.
The PANA WG seems to have a fundamental misunderstanding about
802.11i. I believe that the people
The IETF65 site has updated the info:
Free Internet in the rooms?
This FAQ applies to:
Any version.
Is there free wired Internet access in
the hotel rooms?
Yes.
The secretariat negotiated free internet access for both wired and
wireless. You should be able to get through the hotel
The IETF65 site has updated the info:
Free Internet in the rooms?[ http://www.ietf65.org/tips-and-tools/faq ]
This FAQ applies to: Any version.
Is there free wired Internet access in the hotel rooms?
Yes. The secretariat negotiated free internet access for both wired and
If you have attended 50 or more IETF meetings, tell me so I can add
you to the 50+ list.
And, yes, for you doubters out there, some people have attended over
60 IETF meetings (even before there were free t-shirts.) That's dedication.
Susan
The IESG has approved the following document:
- 'DNSSEC Operational Practices '
draft-ietf-dnsop-dnssec-operational-practices-08.txt as an Informational
RFC
This document is the product of the Domain Name System Operations Working
Group.
The IESG contact persons are David Kessens and Bert
Tickets for the IETF 65 Social Event Celebrating 20 years of IETF are
available at the IETF Registration Desk in the Tower Conference Registration.
Please visit http://www.ietf65.org/social for more information.
___
IETF-Announce mailing list
On March 7, 2006, the IESG received an appeal from Dean Anderson
(http://www.ietf.org/IESG/APPEALS/Anderson-appeal-03-08-2006.htm)
against its decision announced on January 5, 2006 at
http://www1.ietf.org/mail-archive/web/ietf-announce/current/msg01967.html
The IESG has read Mr Anderson's appeal
The IESG has received a request from the ADSL MIB WG to consider the following
document:
- 'Definitions of Managed Objects for Asymmetric Digital Subscriber Line 2
(ADSL2) '
draft-ietf-adslmib-adsl2-06.txt as a Proposed Standard
The IESG plans to make a decision in the next few weeks, and
IETF has arranged shuttle transportation between the Hilton Anatole and the West
End of Dallas with C. Horton Bus Company for all IETF attendees to explore some
of Dallas’ finest restaurants in the area.
Shuttle Schedule
- Sunday, March 19th through Thursday, March 23rd, the first shuttle will