On 4/26/2017 3:43 AM, Tero Kivinen wrote:
> Paul Wouters writes:
>> ...
>> So it should add an Updates: RFC-3947
> Not really.
... (basically points to other more appropriate RFCs to UPDATE)

I'll leave it to you and the IESG to determine what RFC this document
should be updated to correctly change the definition of port 4500. ;-)

> ...
>
>> It's a little weird. 3947 reserved TCP 4500, but did not specify how
>> to actually use TCP at all. It seems it was mostly preventatively
>> reserved.
> The reason RFC3947 reserved TCP/4500 was that it updated both TCP/4500
> and UDP/4500 references from individual user to the RFC3947, so that
> IETF will have change control over the ports. I.e., those ports were
> allocated before RFC3947 came out, and they were used for several
> different non-interoperable versions of the NAT traversals, which then
> evolved to the standard version we define in RFC3947. We decided to
> reassign both TCP and UDP port 4500 to RFC3947 so it would be clear
> for what use they will be used. Also we commonly reserve both TCP and
> UDP ports for the same number just in case someone defines a way to run
> the protocol over another transport protocol in the future...

Actually, that was how IANA handled assignments in the past. Currently,
if you ask for port number X on UDP, then port number X on all other
transports (TCP, DCCP, SCTP) is marked "Reserved". The current assignee
(e.g., for X on UDP, here) has first-priority on using that port on
other transports, but that assignment typically uses the same name only
where the primary difference is framing. IANA now encourages assignees
to have different names for different services on different transports,
even when sharing the same port number on different (see RFC7605).

> ...
>
> So my proposal is to update the IANA port registry for both UDP/4500 and
> TCP/4500 as follows:
>
>          Keyword       Decimal    Description          Reference
>          -------       -------    -----------          ---------
>          ipsec-nat-t   4500/tcp   IPsec NAT-Traversal  [RFCXXXX]
>          ipsec-nat-t   4500/udp   IPsec NAT-Traversal  [RFC3948], [RFC7296]
>
> (RFCXXXX being this RFC).
Sounds good to me (again, I'll trust this group and the IESG to pick the
best references)

Joe

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec