1 / 8

NAT/Firewall NSIS Signaling Layer Protocol (NSLP) draft-ietf-nsis-nslp-natfw-14.txt

NAT/Firewall NSIS Signaling Layer Protocol (NSLP) draft-ietf-nsis-nslp-natfw-14.txt. Martin Stiemerling, Hannes Tschofenig, Cedric Aoun, Elwyn Davies NSIS Working Group, 68th IETF meeting. Draft Update (1). Working group review comments incorporated.

nanji
Download Presentation

NAT/Firewall NSIS Signaling Layer Protocol (NSLP) draft-ietf-nsis-nslp-natfw-14.txt

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NAT/Firewall NSIS Signaling Layer Protocol (NSLP) draft-ietf-nsis-nslp-natfw-14.txt Martin Stiemerling, Hannes Tschofenig, Cedric Aoun, Elwyn Davies NSIS Working Group, 68th IETF meeting

  2. Draft Update (1) • Working group review comments incorporated. • Removed leftover of NATFW_CREDENTIAL from Appendix D and IANA considerations • NATFW_DTINFO object must be included when using the LE-MRM. • NATs and firewalls need to have information about the used transport protocol • Added text to Section 3.4 "Calculation of Signaling Session Lifetime"

  3. Draft Update (2) • Simplified Appendix A "Selecting Signaling Destination Addresses for EXT“ • Replaced terminology “upstream” by “inbound” and “downstream” by “outbound” • Added new asynchronous notification 'NATFW signaling session lifetime expired' • Changed NOTIFY semantics to allow sending inbound and outbound, depending on notification type

  4. Draft Update (3) • In Section 3.7.6.2 "Proxying for a Data Sender", added clarification on how to teardown the CREATE send by the proxy • Clarified throughout the text what type of sessions is always meant, i.e., if either application session or NATFW NSLP signaling session • Terminology: Clarified the "mode" terminology usage. There is now only the proxy mode operation left. • Editorial changes to Section 2.8 "Multihomed Network with NAT” for better illustration

  5. Draft Update (4) • Clarified when the lifetime of a session starts in Section 3.2.3 "NATFW NSLP Signaling Sessions" • Reworked the NAT semantics part of EXT • Some cases where missing

  6. Review by Security Area Directorate • Review by Catherine Meadows • Clarifications for the security mechanisms demanded for • Section 5.2.3, data sender behind a firewall • Section 5.8, misuse of unreleased sessions • Security consideration section considered to be too long. • Suggestion by Catherine: The detailed list of attacks should be removed.

  7. Implementations • University of Göttingen • http://user.informatik.uni-goettingen.de/~nsis/ • University of Coimbra • http://nsis.dei.uc.pt/ • University of Karlsruhe • https://projekte.tm.uka.de/trac/NSIS/

  8. Next Steps • Draft update addressing security comments • Deadline: April 2007 • Interop testing to gain implementation feedback? • Working Group Last Call ready soon.

More Related