Support of Point-to-Multipoint Bidirectional Forwarding Detection (BFD) in Transparent Interconnection of Lots of Links (TRILL)
draft-ietf-trill-p2mp-bfd-09

[Ballot comment]
There are a number of lower case "should" instances. Please consider using the boilerplate from 8174.

(I am starting to sound like a broken record this week :-) )

[Ballot comment]
(1) The first reference to I-D.ietf-bfd-multipoint appears in Section 5; please add one in the Introduction when Multipoint BFD is initially mentioned.

(2) I think that using Normative Language (without quotation marks) to mention what is specified somewhere else can result in confusion as to which is the authoritative document.  This seems to be the case in Section 4: "If the M bit of the TRILL Header of the RBridge channel packet containing a BFD Control packet is non-zero, the packet MUST be dropped [RFC7175]."  The sentence sounds as if the behavior is specified in rfc7175, but that document says (in Section 3.2 (BFD Control Frame Processing)): "The following tests SHOULD be performed...Is the M bit in the TRILL Header non-zero?  If so, discard the frame."  Note that the behavior specified in rfc7175 doesn't use a "MUST".  The text in this document seems to be used to explain why a new message is needed, and not in a Normative way -- please clarify the text so that there is no inconsistency with respect to rfc7175.

(3) Section 5 says that the "processing in Section 3.2 of [RFC7175] applies...If the M bit is zero, the packet is discarded."  Section 3.2 has that "SHOULD" that I mentioned above, and it also mentions potential security issues, which are not referenced in this document.  Are there reasons to keep the "SHOULD" and not use "MUST" instead (for the p2mp case)?  If the same semantics as in rfc7175 are kept, then the Security Considerations should include the concerns.

[Ballot comment]
I'm hoping this can be resolved quickly, as it's probably just a missing
cite. If it turns out that there's actually missing content, this
may turn into a DISCUSS.

  Multipoint BFD provides its own authentication but does not provide
  encryption (see Security Considerations in [I-D.ietf-bfd-
  multipoint]). As specified in this document, the point-to-multipoint

I skimmed the reference here, but wasn't able to figure out what the
authentication was. In particular, the document says:

      If the A bit is set, the packet MUST be authenticated under the
      rules of section 6.7, based on the authentication type in use
      (bfd.AuthType.)  This may cause the packet to be discarded.

But there is no 6.7. So, this makes me worry that I don't understand
any of this.

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has completed its review of draft-ietf-trill-p2mp-bfd-06. If any part of this review is inaccurate, please let us know.

The IANA Services Operator understands that, upon approval of this document, there is a single action which we must complete.

In the RBridge Channel Protocols registry on the Transparent Interconnection of Lots of Links (TRILL) Parameters registry page located at:

https://www.iana.org/assignments/trill-parameters/

a single new protocol will be registered in the Standards Action section of the registry (values 0x002-0x0FF) as follows:

Protocol: [ TBD-at-Registration ]
Description: P2MP BFD Control
Reference: [ RFC-to-be ]

The IANA Services Operator understands that this is the only action required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm the list of actions that will be performed.


Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2018-01-08):

From: The IESG
To: IETF-Announce
CC: Susan Hares , akatlas@gmail.com, trill-chairs@ietf.org, trill@ietf.org, draft-ietf-trill-p2mp-bfd@ietf.org, shares@ndzh.com
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (TRILL Support of Point to Multipoint BFD) to Proposed Standard


The IESG has received a request from the Transparent Interconnection of Lots
of Links WG (trill) to consider the following document: - 'TRILL Support of
Point to Multipoint BFD'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2018-01-08. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


  Point to multipoint (P2MP) BFD is designed to verify multipoint
  connectivity.  This document specifies the support of P2MP BFD in
  TRILL.  Similar to TRILL point-to-point BFD, BFD Control packets in
  TRILL P2MP BFD are transmitted using RBridge Channel message. This
  document updates RFC 7175 and RFC 7177.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-trill-p2mp-bfd/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-trill-p2mp-bfd/ballot/


No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information:
    draft-ietf-bfd-multipoint-active-tail: BFD Multipoint Active Tails. (None - IETF stream)

PROTO for draft-ietf-trill-p2mp-bfd-05

(1) Type of RFC: Standards track as indicated on the title page. This document extends
and updates Draft Standard 7175 on TRILL support of BFD.

(2) Document Announcement:
  Technical Summary:

Point to multipoint (P2MP) BFD is designed to verify multipoint
connectivity.  This document specifies the support of P2MP BFD in
TRILL.  Similar to TRILL point-to-point BFD, BFD Control packets in
TRILL P2MP BFD are transmitted using RBridge Channel message.

  Working Group Summary:

  WG has discussed this technology along with other TRILL extensions for the
  last 3 years.  Trade-offs were discussed at IETF meetings and on the mail list.
  Final decision on trade-off received good WG consnesus.

  Document Quality:
  No implementations of the protocol exist.
  Huawei may implement this draft in the future, but
  this depends on customer needs in various deployments
  (data centers, campus networks, and others)

  Personnel:
    Document Shepherd: Sue Hares
    Responsible Area Director: Alia Atlas

(3) Briefly describe the review of this document that was performed
    by the Document Shepherd. If this version of the document is not
    ready for publication, please explain why the document is being
    forwarded to the IESG.

RTG-DIR review
RTG-DIR REview - few nits need to be addressed.

See also review comments by Donald Eastlake at
https://www.ietf.org/mail-archive/web/trill/current/msg07751.html
that were resolved in version -05
https://www.ietf.org/mail-archive/web/trill/current/msg07753.html
and RTG review by Carlos Pignataro at
https://www.ietf.org/mail-archive/web/trill/current/msg07729.html
resolved here
https://www.ietf.org/mail-archive/web/trill/current/msg07731.html

(4) Does the document Shepherd have any concerns about the depth or
    breadth of the reviews that have been performed?

  The draft has recevied good review in the meetings, in discussion with authors,
  and on the list.  The chair sends out specific questions with each TRILL WG last call.
  TRILL participant commenton these questions.

  The security considerations section indicates that a "future document will
  provide for group keying".  This document is draft-ietf-trill-group-keying-00.txt.
  Since the TRILL progressing toward a hiatus and this future document
  may not pass WG LC, this statement has been left as is.  An RFC editor note
can link these two documents together if they are both approved, or
the authors indicated they would be glad to modify the document.

(5) Do portions of the document need review from a particular or from
    broader perspective, e.g., security, operational complexity, AAA,
    DNS, DHCP, XML, or internationalization? If so, describe the
    review that took place.
 
    Normal reviews, plus review by the BFD group is useful. 

(6) Describe any specific concerns or issues that the Document
    Shepherd has with this document that the Responsible Area
    Director and/or the IESG should be aware of? 

  No special concerns. This document has gone through
  several reviews.  It is part of the extension to the TRILL
  extensions for directory  service and local link functions.

(7) Has each author confirmed that any and all appropriate IPR
    disclosures required for full conformance with the provisions of
    BCP 78 and BCP 79 have already been filed. If not, explain why?

Yes, three authors:
    Prasad Govindan:
https://www.ietf.org/mail-archive/web/trill/current/msg07818.html
    Mingui Zhang:
https://www.ietf.org/mail-archive/web/trill/current/msg07816.html
    Santosh Pallagatti:
https://www.ietf.org/mail-archive/web/trill/current/msg07846.html

(8) Has an IPR disclosure been filed that references this document?
    If so, summarize any WG discussion and conclusion regarding the
    IPR disclosures.

No.

(9) How solid is the WG consensus behind this document? Does it
    represent the strong concurrence of a few individuals, with
    others being silent, or does the WG as a whole understand and
    agree with it?

  There is clear WG consensus for this draft.
  This document has cycled in the working group as the authors
  and chair refined the document.

(10) Has anyone threatened an appeal or otherwise indicated extreme
    discontent? If so, please summarise the areas of conflict in
    separate email messages to the Responsible Area Director. (It
    should be in a separate email because this questionnaire is
    publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this
    document. (See http://www.ietf.org/tools/idnits/ and the
    Internet-Drafts Checklist). Boilerplate checks are not enough;
    this check needs to be thorough.

No nits.

(12) Describe how the document meets any required formal review
    criteria, such as the MIB Doctor, media type, and URI type
    reviews.

No such formal review required.

(13) Have all references within this document been identified as
    either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready
    for advancement or are otherwise in an unclear state? If such
    normative references exist, what is the plan for their
    completion?

There are references to two BFD WG drafts and one TRILL draft as
listed below. These are expected to be advanced soon.
    draft-ietf-bfd-multipoint
    draft-ietf-bfd-multipoint-active-tail
    draft-ietf-trill-resilient-trees
   
(15) Are there downward normative references references (see RFC
    3967)? If so, list these downward references to support the Area
    Director in the Last Call procedure.

No downward references.

(16) Will publication of this document change the status of any
    existing RFCs? Are those RFCs listed on the title page header,
    listed in the abstract, and discussed in the introduction? If the
    RFCs are not listed in the Abstract and Introduction, explain
    why, and point to the part of the document where the relationship
    of this document to the other RFCs is discussed. If this
    information is not in the document, explain why the WG considers
    it unnecessary.

This document updates RFC 7177 as specified in Section 3 and updates
RFC 7175 as specified in Section 4.

(17) Describe the Document Shepherd's review of the IANA
    considerations section, especially with regard to its consistency
    with the body of the document. Confirm that all protocol
    extensions that the document makes are associated with the
    appropriate reservations in IANA registries. Confirm that any
    referenced IANA registries have been clearly identified. Confirm
    that newly created IANA registries include a detailed
    specification of the initial contents for the registry, that
    allocations procedures for future registrations are defined, and
    a reasonable name for the new registry has been suggested (see
    RFC 5226).

This document only requires the allocation of a single code point, a
new RBridge Channel Protocol number, which is properly provided for in
the IANA Considerations Section.

(18) List any new IANA registries that require Expert Review for
    future allocations. Provide any public guidance that the IESG
    would find useful in selecting the IANA Experts for these new
    registries.

No new registries created.

(19) Describe reviews and automated checks performed by the Document
    Shepherd to validate sections of the document written in a formal
    language, such as XML code, BNF rules, MIB definitions, etc.

No such automatic checks required.

PROTO for draft-ietf-trill-p2mp-bfd-05

(1) Type of RFC: Standards track as indicated on the title page. This document extends
and updates Draft Standard 7175 on TRILL support of BFD.

(2) Document Announcement:
  Technical Summary:

Point to multipoint (P2MP) BFD is designed to verify multipoint
connectivity.  This document specifies the support of P2MP BFD in
TRILL.  Similar to TRILL point-to-point BFD, BFD Control packets in
TRILL P2MP BFD are transmitted using RBridge Channel message.

  Working Group Summary:

  WG has discussed this technology along with other TRILL extensions for the
  last 3 years.  Trade-offs were discussed at IETF meetings and on the mail list.
  Final decision on trade-off received good WG consnesus.

  Document Quality:
  No implementations of the protocol exist.
  Huawei may implement this draft in the future, but
  this depends on customer needs in various deployments
  (data centers, campus networks, and others)

  Personnel:
    Document Shepherd: Sue Hares
    Responsible Area Director: Alia Atlas

(3) Briefly describe the review of this document that was performed
    by the Document Shepherd. If this version of the document is not
    ready for publication, please explain why the document is being
    forwarded to the IESG.

RTG-DIR review
RTG-DIR REview - few nits need to be addressed.

See also review comments by Donald Eastlake at
https://www.ietf.org/mail-archive/web/trill/current/msg07751.html
that were resolved in version -05
https://www.ietf.org/mail-archive/web/trill/current/msg07753.html
and RTG review by Carlos Pignataro at
https://www.ietf.org/mail-archive/web/trill/current/msg07729.html
resolved here
https://www.ietf.org/mail-archive/web/trill/current/msg07731.html

(4) Does the document Shepherd have any concerns about the depth or
    breadth of the reviews that have been performed?

  The draft has recevied good review in the meetings, in discussion with authors,
  and on the list.  The chair sends out specific questions with each TRILL WG last call.
  TRILL participant commenton these questions.

  The security considerations section indicates that a "future document will
  provide for group keying".  This document is draft-ietf-trill-group-keying-00.txt.
  Since the TRILL progressing toward a hiatus and this future document
  may not pass WG LC, this statement has been left as is.  An RFC editor note
can link these two documents together if they are both approved, or
the authors indicated they would be glad to modify the document.

(5) Do portions of the document need review from a particular or from
    broader perspective, e.g., security, operational complexity, AAA,
    DNS, DHCP, XML, or internationalization? If so, describe the
    review that took place.

No special review required.  A normal OPS-DIR, SEC-DIR, RTG-DIR, and GEN-ART
review of this document will be sufficient.

(6) Describe any specific concerns or issues that the Document
    Shepherd has with this document that the Responsible Area
    Director and/or the IESG should be aware of? 

  No special concerns. This document has gone through everal passes.

(7) Has each author confirmed that any and all appropriate IPR
    disclosures required for full conformance with the provisions of
    BCP 78 and BCP 79 have already been filed. If not, explain why?

Yes, three authors:
    Prasad Govindan:
https://www.ietf.org/mail-archive/web/trill/current/msg07818.html
    Mingui Zhang:
https://www.ietf.org/mail-archive/web/trill/current/msg07816.html
    Santosh Pallagatti:
https://www.ietf.org/mail-archive/web/trill/current/msg07846.html

(8) Has an IPR disclosure been filed that references this document?
    If so, summarize any WG discussion and conclusion regarding the
    IPR disclosures.

No.

(9) How solid is the WG consensus behind this document? Does it
    represent the strong concurrence of a few individuals, with
    others being silent, or does the WG as a whole understand and
    agree with it?

  There is clear WG consensus for this draft.
  This document has cycled in the working group as the authors
  and chair refined the document.

(10) Has anyone threatened an appeal or otherwise indicated extreme
    discontent? If so, please summarise the areas of conflict in
    separate email messages to the Responsible Area Director. (It
    should be in a separate email because this questionnaire is
    publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this
    document. (See http://www.ietf.org/tools/idnits/ and the
    Internet-Drafts Checklist). Boilerplate checks are not enough;
    this check needs to be thorough.

No nits.

(12) Describe how the document meets any required formal review
    criteria, such as the MIB Doctor, media type, and URI type
    reviews.

No such formal review required.

(13) Have all references within this document been identified as
    either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready
    for advancement or are otherwise in an unclear state? If such
    normative references exist, what is the plan for their
    completion?

There are references to two BFD WG drafts and one TRILL draft as
listed below. These are expected to be advanced soon.
    draft-ietf-bfd-multipoint
    draft-ietf-bfd-multipoint-active-tail
    draft-ietf-trill-resilient-trees
   
(15) Are there downward normative references references (see RFC
    3967)? If so, list these downward references to support the Area
    Director in the Last Call procedure.

No downward references.

(16) Will publication of this document change the status of any
    existing RFCs? Are those RFCs listed on the title page header,
    listed in the abstract, and discussed in the introduction? If the
    RFCs are not listed in the Abstract and Introduction, explain
    why, and point to the part of the document where the relationship
    of this document to the other RFCs is discussed. If this
    information is not in the document, explain why the WG considers
    it unnecessary.

This document updates RFC 7177 as specified in Section 3 and updates
RFC 7175 as specified in Section 4.

(17) Describe the Document Shepherd's review of the IANA
    considerations section, especially with regard to its consistency
    with the body of the document. Confirm that all protocol
    extensions that the document makes are associated with the
    appropriate reservations in IANA registries. Confirm that any
    referenced IANA registries have been clearly identified. Confirm
    that newly created IANA registries include a detailed
    specification of the initial contents for the registry, that
    allocations procedures for future registrations are defined, and
    a reasonable name for the new registry has been suggested (see
    RFC 5226).

This document only requires the allocation of a single code point, a
new RBridge Channel Protocol number, which is properly provided for in
the IANA Considerations Section.

(18) List any new IANA registries that require Expert Review for
    future allocations. Provide any public guidance that the IESG
    would find useful in selecting the IANA Experts for these new
    registries.

No new registries created.

(19) Describe reviews and automated checks performed by the Document
    Shepherd to validate sections of the document written in a formal
    language, such as XML code, BNF rules, MIB definitions, etc.

No such automatic checks required.

PROTO for draft-ietf-trill-p2mp-bfd-05

(1) Type of RFC: Standards track as indicated on the title page. This document extends
and updates Draft Standard 7175 on TRILL support of BFD.

(2) Document Announcement:
  Technical Summary:

Point to multipoint (P2MP) BFD is designed to verify multipoint
connectivity.  This document specifies the support of P2MP BFD in
TRILL.  Similar to TRILL point-to-point BFD, BFD Control packets in
TRILL P2MP BFD are transmitted using RBridge Channel message.

  Working Group Summary:

  WG has discussed this technology along with other TRILL extensions for the
  last 3 years.  Trade-offs were discussed at IETF meetings and on the mail list.
  Final decision on trade-off received good WG consnesus.

  Document Quality:
  No implementations of the protocol exist.
  Huawei may implement this draft in the future, but
  this depends on customer needs in various deployments
  (data centers, campus networks, and others)

  Personnel:
    Document Shepherd: Sue Hares
    Responsible Area Director: Alia Atlas

(3) Briefly describe the review of this document that was performed
    by the Document Shepherd. If this version of the document is not
    ready for publication, please explain why the document is being
    forwarded to the IESG.

RTG-DIR review
RTG-DIR REview - few nits need to be addressed.

See also review comments by Donald Eastlake at
https://www.ietf.org/mail-archive/web/trill/current/msg07751.html
that were resolved in version -05
https://www.ietf.org/mail-archive/web/trill/current/msg07753.html
and RTG review by Carlos Pignataro at
https://www.ietf.org/mail-archive/web/trill/current/msg07729.html
resolved here
https://www.ietf.org/mail-archive/web/trill/current/msg07731.html

(4) Does the document Shepherd have any concerns about the depth or
    breadth of the reviews that have been performed?

  The draft has recevied good review in the meetings, in discussion with authors,
  and on the list.  The chair sends out specific questions with each TRILL WG last call.
  TRILL participant commenton these questions.

  The security considerations section indicates that a "future document will
  provide for group keying".  This document is draft-ietf-trill-group-keying-00.txt.
  Since the TRILL progressing toward a hiatus and this future document
  may not pass WG LC, this statement has been left as is.  An RFC editor note
can link these two documents together if they are both approved, or
the authors indicated they would be glad to modify the document.

(5) Do portions of the document need review from a particular or from
    broader perspective, e.g., security, operational complexity, AAA,
    DNS, DHCP, XML, or internationalization? If so, describe the
    review that took place.

No special review required.  A normal OPS-DIR, SEC-DIR, RTG-DIR, and GEN-ART
review of this document will be sufficient.

(6) Describe any specific concerns or issues that the Document
    Shepherd has with this document that the Responsible Area
    Director and/or the IESG should be aware of? 

  No special concerns. This document has gone through everal passes.

(7) Has each author confirmed that any and all appropriate IPR
    disclosures required for full conformance with the provisions of
    BCP 78 and BCP 79 have already been filed. If not, explain why?

Yes, three authors:
    Prasad Govindan:
https://www.ietf.org/mail-archive/web/trill/current/msg07818.html
    Mingui Zhang:
https://www.ietf.org/mail-archive/web/trill/current/msg07816.html
    Santosh Pallagatti:
https://www.ietf.org/mail-archive/web/trill/current/msg07846.html

(8) Has an IPR disclosure been filed that references this document?
    If so, summarize any WG discussion and conclusion regarding the
    IPR disclosures.

No.

(9) How solid is the WG consensus behind this document? Does it
    represent the strong concurrence of a few individuals, with
    others being silent, or does the WG as a whole understand and
    agree with it?

  There is clear WG consensus for this draft.
  This document has cycled in the working group as the authors
  and chair sought perfection.

(10) Has anyone threatened an appeal or otherwise indicated extreme
    discontent? If so, please summarise the areas of conflict in
    separate email messages to the Responsible Area Director. (It
    should be in a separate email because this questionnaire is
    publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this
    document. (See http://www.ietf.org/tools/idnits/ and the
    Internet-Drafts Checklist). Boilerplate checks are not enough;
    this check needs to be thorough.

No nits.

(12) Describe how the document meets any required formal review
    criteria, such as the MIB Doctor, media type, and URI type
    reviews.

No such formal review required.

(13) Have all references within this document been identified as
    either normative or informative?

Yes.

(14) Are there normative references to documents that are not ready
    for advancement or are otherwise in an unclear state? If such
    normative references exist, what is the plan for their
    completion?

There are references to two BFD WG drafts and one TRILL draft as
listed below. These are expected to be advanced soon.
    draft-ietf-bfd-multipoint
    draft-ietf-bfd-multipoint-active-tail
    draft-ietf-trill-resilient-trees
   
(15) Are there downward normative references references (see RFC
    3967)? If so, list these downward references to support the Area
    Director in the Last Call procedure.

No downward references.

(16) Will publication of this document change the status of any
    existing RFCs? Are those RFCs listed on the title page header,
    listed in the abstract, and discussed in the introduction? If the
    RFCs are not listed in the Abstract and Introduction, explain
    why, and point to the part of the document where the relationship
    of this document to the other RFCs is discussed. If this
    information is not in the document, explain why the WG considers
    it unnecessary.

This document updates RFC 7177 as specified in Section 3 and updates
RFC 7175 as specified in Section 4.

(17) Describe the Document Shepherd's review of the IANA
    considerations section, especially with regard to its consistency
    with the body of the document. Confirm that all protocol
    extensions that the document makes are associated with the
    appropriate reservations in IANA registries. Confirm that any
    referenced IANA registries have been clearly identified. Confirm
    that newly created IANA registries include a detailed
    specification of the initial contents for the registry, that
    allocations procedures for future registrations are defined, and
    a reasonable name for the new registry has been suggested (see
    RFC 5226).

This document only requires the allocation of a single code point, a
new RBridge Channel Protocol number, which is properly provided for in
the IANA Considerations Section.

(18) List any new IANA registries that require Expert Review for
    future allocations. Provide any public guidance that the IESG
    would find useful in selecting the IANA Experts for these new
    registries.

No new registries created.

(19) Describe reviews and automated checks performed by the Document
    Shepherd to validate sections of the document written in a formal
    language, such as XML code, BNF rules, MIB definitions, etc.

No such automatic checks required.

Network Working Group                                          D. Thaler
Internet-Draft                                                Microsoft
Intended status: Informational                            March 3, 2014
Expires: September 4, 2014

                    Reflections On Host Firewalls
                    draft-iab-host-firewalls-02.txt

Abstract

  In today's Internet, the need for firewalls is generally accepted in
  the industry and indeed firewalls are widely deployed in practice.
  Often the result is that software may be running and potentially
  consuming resources, but then communication is blocked by a firewall.
  It's taken for granted that this end state is either desirable or the
  best that can be achieved in practice, rather than (for example) an
  end state where the relevant software is not running or is running in
  a way that would not result in unwanted communication.  In this
  document, we explore the issues behind these assumptions and provide
  suggestions on improving the architecture going forward.

Status of This Memo

  This Internet-Draft is submitted in full conformance with the
  provisions of BCP 78 and BCP 79.

  Internet-Drafts are working documents of the Internet Engineering
  Task Force (IETF).  Note that other groups may also distribute
  working documents as Internet-Drafts.  The list of current Internet-
  Drafts is at http://datatracker.ietf.org/drafts/current/.

  Internet-Drafts are draft documents valid for a maximum of six months
  and may be updated, replaced, or obsoleted by other documents at any
  time.  It is inappropriate to use Internet-Drafts as reference
  material or to cite them other than as "work in progress."

  This Internet-Draft will expire on September 4, 2014.

Copyright Notice

  Copyright (c) 2014 IETF Trust and the persons identified as the
  document authors.  All rights reserved.

  This document is subject to BCP 78 and the IETF Trust's Legal
  Provisions Relating to IETF Documents
  (http://trustee.ietf.org/license-info) in effect on the date of
  publication of this document.  Please review these documents

Thaler                  Expires September 4, 2014              [Page 1]
Internet-Draft              Host Firewalls                  March 2014

  carefully, as they describe your rights and restrictions with respect
  to this document.  Code Components extracted from this document must
  include Simplified BSD License text as described in Section 4.e of
  the Trust Legal Provisions and are provided without warranty as
  described in the Simplified BSD License.

Table of Contents

  1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .  2
    1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .  4
  2.  Firewall Rules  . . . . . . . . . . . . . . . . . . . . . . .  5
  3.  Category 1: Attack Surface Reduction  . . . . . . . . . . . .  6
    3.1.  Stealth Mode  . . . . . . . . . . . . . . . . . . . . . .  7
    3.2.  Discussion of Approaches  . . . . . . . . . . . . . . . .  7
      3.2.1.  Fix the Software  . . . . . . . . . . . . . . . . . .  7
      3.2.2.  Don't Use the Software  . . . . . . . . . . . . . . .  8
      3.2.3.  Run the Software Behind a Firewall  . . . . . . . . .  8
  4.  Category 2: Security Policy . . . . . . . . . . . . . . . . .  9
    4.1.  Discussion of Approaches  . . . . . . . . . . . . . . . .  9
      4.1.1.  Security Policies in Applications . . . . . . . . . .  9
      4.1.2.  Security Policies in Firewalls  . . . . . . . . . . .  10
      4.1.3.  Security Policies in a Service  . . . . . . . . . . .  11
  5.  Security Considerations . . . . . . . . . . . . . . . . . . .  11
  6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  12
  7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  12
  8.  IAB Members at the Time of This Writing . . . . . . . . . . .  12
  9.  Informative References  . . . . . . . . . . . . . . . . . . .  12
  Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  14

1.  Introduction

  [I-D.iab-filtering-considerations] discusses the issue of blocking or
  filtering abusive or objectionable content and communications, and
  the effects on the overall Internet architecture.  This document
  complements that discussion by focusing on the architectural effects
  of host firewalls on hosts and applications.

  "Behavior of and Requirements for Internet Firewalls" [RFC2979]
  provides an introduction to firewalls and the requirement for
  transparency in particular, stating:

      The introduction of a firewall and any associated tunneling or
      access negotiation facilities MUST NOT cause unintended failures
      of legitimate and standards-compliant usage that would work were
      the firewall not present.

Thaler                  Expires September 4, 2014              [Page 2]
Internet-Draft              Host Firewalls                  March 2014

  Many firewalls today do not follow that guidance today, such as by
  blocking traffic containing IP options or IPv6 extension headers (see
  [RFC7045] for more discussion).

  In Section 2.1 of "Reflections on Internet Transparency" [RFC4924],
  the IAB provided additional thoughts on firewalls and their impact on
  the Internet architecture, including issues around disclosure
  obligations and complexity as applications evolve to circumvent
  firewalls.  This document extends that discussion with additional
  considerations.

  Traditionally, firewalls have been about arming customers to protect
  against bugs in applications and services.  This document discusses a
  number of fundamental questions such as who a firewall is meant to
  protect from what.  It does so primarily, though not exclusively,
  from an end system perspective with a focus on host firewalls in
  particular.

  The Internet Security Glossary [RFC4949] defines a firewall as
  follows.

      1.  (I) An internetwork gateway that restricts data communication
      traffic to and from one of the connected networks (the one said to
      be "inside" the firewall) and thus protects that network's system
      resources against threats from the other network (the one that is
      said to be "outside" the firewall).  (See: guard, security
      gateway.)

      2.  (O) A device or system that controls the flow of traffic
      between networks using differing security postures.  [SP41]

      Tutorial: A firewall typically protects a smaller, secure network
      (such as a corporate LAN, or even just one host) from a larger
      network (such as the Internet).  The firewall is installed at the
      point where the networks connect, and the firewall applies policy
      rules to control traffic that flows in and out of the protected
      network.

      A firewall is not always a single computer.  For example, a
      firewall may consist of a pair of filtering routers and one or
      more proxy servers running on one or more bastion hosts, all
      connected to a small, dedicated LAN (see: buffer zone) between the
      two routers.  The external router blocks attacks that use IP to
      break security (IP address spoofing, source routing, packet
      fragments), while proxy servers block attacks that would exploit a
      vulnerability in a higher-layer protocol or service.  The internal
      router blocks traffic from leaving the protected network except
      through the proxy servers.  The difficult part is defining

Request for Early review by RTGDIR is assigned to Thomas Morin