The incident I was referring to was at the Dallas IETF in 1995. Yes, people did finally get over the NAT thing, but only after we had ended up with six incompatible proprietary work-arounds.
On Mon, Dec 30, 2024 at 3:59 AM Tero Kivinen <[email protected]> wrote:

> Phillip Hallam-Baker writes:
> > IPSEC as defined in the standards is completely useless because it
> > doesn't work through NAT. And I remember the two Security ADs
> > chuckling that it was a feature not a bug.
>
> (I assume you mean IPsec?)
>
> IPsec NAT Traversal using UDP encapsulation was standardized in 2005
> for the original IKEv1, and the IKEv2 (standardized in 2005) had that
> built in from the beginning.
>
> And yes there is still AH that is explicitly authenticating the IP
> headers which is not compatible with the NATs, as AH is trying to
> detect when someone modifies the IP header, and there it is a feature
> not a bug. But if you do not want to verify the IP header then you can
> use ESP instead and that does provide NAT traversal.
> --
> [email protected]
_______________________________________________
rfc-interest mailing list -- [email protected]
