Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 Thread Masataka Ohta
Phillip Hallam-Baker wrote: NAT traversal should be something that is supported at a higher level of abstraction than one protocol. And there seem to be moves towards that support. As there are various kinds of NAT, it is a waste of effort to try to have a universal NAT traversing protocol.

Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 Thread Jari Arkko
FWIW, I think that we should provide NAT traversal in the protocols that we develop (or as a part of some more general toolbox that the protocols employ). This is important, and some protocols have been hurt by not having such support initially. NAT/FW traversal is also important even with

Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 Thread Masataka Ohta
Jari Arkko wrote: NAT/FW traversal is also important even with IPv6, as you may have a firewall even in IPv6 (or be going through a NAT64). FYI, traversable firewall is, by definition, broken. Masataka Ohta

Re: [79all] IETF Badge

2010-11-15 Thread Lou Berger
Xiangsong, I suspect you may have misunderstood me. I'm endorsing the old practice of letting in (to meetings) any who wish *without* payment or badge. Sure they won't be able to go into the terminal room, but that isn't a significant issue. Them eating the snacks could possibly turn into

Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 Thread Noel Chiappa
From: Hadriel Kaplan hkap...@acmepacket.com In one of the working group meetings this past week, when the group was discussing a NAT traversal solution for their new protocol, an A-D suggested they not spend much time on NAT traversal. ... I'd like to know if the

Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 Thread Hadriel Kaplan
On Nov 15, 2010, at 7:21 AM, David Harrington wrote: I believe I'm the AD you are referring to. Yes but I wasn't trying to pick on anyone - just trying to understand what the official IESG position is. I never said the IESG is discouraging NAT traversal mechanisms for new protocols,

Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 Thread Phillip Hallam-Baker
Masataka-san You are incorrect. Firewalls can be used for many purposes. Authenticated traversal is well established in the firewall model. There is a copious amount of prior art. On Mon, Nov 15, 2010 at 7:18 AM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote: Jari Arkko wrote:

Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 Thread Phillip Hallam-Baker
On Mon, Nov 15, 2010 at 11:41 AM, Hadriel Kaplan hkap...@acmepacket.com wrote: Absolutely. And it should work in environments with IPv6 NATs, and in environments with IPv6 firewalls, and in environments with IPv6 consumer gateways which block inbound packets until an outbound packet opens a

Re: [79all] IETF Badge

2010-11-15 Thread Ole Jacobsen
On Mon, 15 Nov 2010, Lou Berger wrote: Xiangsong, I suspect you may have misunderstood me. I'm endorsing the old practice of letting in (to meetings) any who wish *without* payment or badge. Sure they won't be able to go into the terminal room, but that isn't a significant issue.

Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 Thread Masataka Ohta
Phillip Hallam-Baker wrote: You are incorrect. Firewalls can be used for many purposes. Authenticated traversal is well established in the firewall model. Given the diversity of firewalls and their operations, it's practically impossible. There is a copious amount of prior art. Remember

Re: [79all] IETF Badge

2010-11-15 Thread Lou Berger
Humm, seeing that's what we just had, I'm not sure where you're coming from. BTW I don't think there was any real surprise in this, and it doesn't diminish from our local hosts' fabulous job. I thank them for their efforts and hospitality. Lou On 11/15/2010 2:44 PM, Ole Jacobsen wrote:

Re: [79all] IETF Badge

2010-11-15 Thread Ole Jacobsen
Lou, I see. So you had to take off your shoes, leave water behind and be frisked and/or scanned at this meeting? I can't say I went to every meeting room, but I did not notice any of that going on. Also, when I say suggesting it's sort of meant to be a forward looking statement not some idea

Re: [79all] IETF Badge

2010-11-15 Thread Lou Berger
Ole, I took your TSA reference as hyperbole referring to strict enforcement of a badge requirement. I apologize if I misunderstood. I don't think anyone would dispute that the level of badge enforcement and security was substantively different than any other IETF, and this is what I was

Re: [79all] IETF Badge

2010-11-15 Thread Andrew Sullivan
On Mon, Nov 15, 2010 at 06:04:02PM -0500, Lou Berger wrote: (I also support fewer restrictions on the issuing of visas, at least for IETF attendees, but there's not much I/we can do about that either.) Indeed, that is getting worse. For instance, I understand our Russian colleagues are going

Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 Thread Martin Rex
Masataka Ohta wrote: Jari Arkko wrote: NAT/FW traversal is also important even with IPv6, as you may have a firewall even in IPv6 (or be going through a NAT64). FYI, traversable firewall is, by definition, broken. The reason why the internet hasn't completely collapsed by now

Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 Thread Brian E Carpenter
In any case, there are four facts of life that can't be ignored: 1. We have a BEHAVE WG and it has a charter. 2. We'd better hope that as many protocols as possible can traverse NAT64, which will be with us for many years. 3. An important protocol that needs to traverse NAT44 is called IPv6 (in

Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-15 Thread Masataka Ohta
Martin Rex wrote: FYI, traversable firewall is, by definition, broken. Try to convince folks to completely remove all outside doors, windows, window gates, curtain, blinds, flyscreens from their home to leverage many convenient un-restricted openings to the interior of the house. I'm not

Problem with draft-sheffer-emu-eap-eke

2010-11-15 Thread Bernard Aboba
I just took a look at the EAP EKE document recently approved by the IESG for publication as an Informational RFC: http://tools.ietf.org/html/draft-sheffer-emu-eap-eke-09 The document does not define the following parameters required by RFC 5247: 1. Peer-Id 2. Server-Id 3. Session-Id In

Document Action: 'An EAP Authentication Method Based on the EKE Protocol' to Informational RFC (draft-sheffer-emu-eap-eke-09.txt)

2010-11-15 Thread The IESG
The IESG has approved the following document: - 'An EAP Authentication Method Based on the EKE Protocol' (draft-sheffer-emu-eap-eke-09.txt) as an Informational RFC This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Russ