Any and all discussions in the IETF related to nat MUST NOT imply any kind of security. The fact that product marketing departments do that is absolutely out of scope, as the IETF needs to stay focused on the technical reality that mangling the header does not have any security impact (try to take a static 1:1 address mapping and show how that node is any more secure than it would be without the nat). To that end, bullet 2) creates an invalid set of goals for this proposed bof.

Independent of that, the entire 'we have to do this because we can' mindset should be questioned. There has not been a demonstrated need for a 66nat, just claims that 'people will build it so we should define it'. The motivation is the same 'promote product interoperability' that was used to force NAT-PT off the experimental track to PS. It took several years to recognize how misguided that decision was, but fortunately it occurred before people felt forced into IPv6 deployments, so it did not see widespread use.

Handing people the 'feel-good' familiar nat tool in the name of security, will be like handing a loaded gun to someone intent on committing suicide. There will be no way to recall this, as simply marking an RFC to historic will not remove a wide-scale deployment, or deter vendors from shipping products (note that the bof proposal is based on vendors shipping products despite the lack of a document to begin with, so why would they care about a recall). It could be argued that poor application interaction with 66nat is really in the best interest of the end user, as they would be removed as impediments, where making it just-passable will condemn the world to an unnecessarily complex topology forever.

This proposed bof will be a waste of time and energy for an already overloaded IESG, though keeping people that insist on doing this work occupied and away from real progress would not be a bad thing...

Tony

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Margaret Wasserman
> Sent: Tuesday, January 20, 2009 7:22 PM
> To: [email protected]
> Cc: Magnus Westerlund
> Subject: [nat66] Preliminary BOF Request
>
>
> Here is a preliminary BOF request that I've put together for a NAT66-
> related BOF at IETF 74. I'm sending it to all four of the Internet and
> Transport ADs, as I am not sure it has been decided which area would be
> the best home for this work.
>
> Thoughts or comments on this BOF proposal?
>
> Margaret
