Keith Moore wrote:
Are you saying the problem here is not that the SIP protocol embeds
network layer information in the data portion as a (ineffective) security
check?
Or are you saying that any protocol, no matter how badly written,
should be allowed through firewalls with a minimum of checks?
SIP is not the problem. SIP works like it needs to work. It's insane to
think that the routing of call voice data should have to go through the
point from which the calls are controlled, or via any other route than the
most direct one. The problem is the NAT that prevents the call data from
being routed via the most efficient path.
In short, Keith's answer to the question of whether any protocol, no
matter how badly written, should be allowed through firewalls with a
minimum of checks, is yes.
Stateless NAT66 is neutral on this, as the protocol still needs stateful
checks to be firewalled. The same stateful checks as are required for
security fixup the embedded IP address, so there is no real difference
between statefulness and stateful NAT from the perspective of the
protocol. Neither "prevent" the call data from being routed via the most
efficient path.
IAX2 is the fix to SIP just as TCPIP was the fix to NetBIOS and AppleTalk.
None of this is directly related to NAT66, it is simply a reply to
Keith's claims. None of this would have a real relation to IPv6 were it
not for anti-consumer special interests attempting to tie the two issues
together.
Roger Marquis
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
