From: ietf-boun...@ietf.org [ietf-boun...@ietf.org] On Behalf Of David
Harrington [ietf...@comcast.net]
I said (feel free to check the session recording, (ch3-fri-am 1:25),
which is where I got the following text from):
I want to make sure you do not spend a tremendous amount of time
Martin Rex wrote:
According to your theory, a universal NAT traversal protocol
should already exist.
Correct. It is called the HTTP CONNECT method.
If, with your definition of traversal, tunneling is a form
of traversal, tunneling by IPSEC is a standard firewall
traversal protocol and is
...@sap.com
Cc: hal...@gmail.com; ietf@ietf.org
Sent: Wednesday, November 17, 2010 10:12 PM
Subject: Re: IESG position on NAT traversal and IPv4/IPv6
Martin Rex wrote:
According to your theory, a universal NAT traversal protocol
should already exist.
Correct. It is called the HTTP CONNECT
Masataka Ohta wrote:
Martin Rex wrote:
According to your theory, a universal NAT traversal protocol
should already exist.
Correct. It is called the HTTP CONNECT method.
If, with your definition of traversal, tunneling is a form
of traversal, tunneling by IPSEC is a standard
Hi Hadriel,
I believe I'm the AD you are referring to.
I made the comments as a technical contributor, but also said that my
opinion was informed by discussions within the IESG.
I think your characterization of my comments is a bit incorrect:
In one of the working group meetings this past
From: David Harrington ietf...@comcast.net
is my understanding that IETF consensus is to have the industry
transition from IPv4 to IPv6.
That's certainly the formal IETF _position_ - whether it's the _consensus_ of
the IETF participants is another matter.
Ever since the original
Martin Rex wrote:
Correct. It is called the HTTP CONNECT method.
If, with your definition of traversal, tunneling is a form
of traversal, tunneling by IPSEC is a standard firewall
traversal protocol and is much better than HTTP CONNECT
because of UDP.
Not quite. Tunneling needs
Hey, are you Japanese or not?
Have you already quit Japanese?
Anyone should consider both the protocol and
the constitution of one's own nation simultaneously.
It's the matter of right or wrong, not legal or illegal.
---
TaddyHatty,
Martin Rex wrote:
Correct. It is called the HTTP
On Nov 15, 2010, at 10:41 PM, Masataka Ohta wrote:
Phillip Hallam-Baker wrote:
You are incorrect.
Firewalls can be used for many purposes. Authenticated traversal is well
established in the firewall model.
Given the diversity of firewalls and their operations, it's
practically
Yoav Nir wrote:
Why not? While I agree that firewalls are diverse, they are all
made by vendors, and the big firewall vendors all have employees
who participate in the IETF. An IETF standard that allows firewall
traversal for legitimate traffic is very likely to be adopted by
all the
Masataka Ohta wrote:
According to your theory, a universal NAT traversal protocol
should already exist.
Correct. It is called the HTTP CONNECT method.
-Martin
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Phillip Hallam-Baker wrote:
NAT traversal should be something that is supported at a higher level of
abstraction than one protocol. And there seem to be moves towards that
support.
As there are various kinds of NAT, it is a waste of effort to try
to have a universal NAT traversing protocol.
FWIW, I think that we should provide NAT traversal in the protocols that
we develop (or as a part of some more general toolbox that the protocols
employ). This is important, and some protocols have been hurt by not
having such support initially. NAT/FW traversal is also important even
with
Jari Arkko wrote:
NAT/FW traversal is also important even
with IPv6, as you may have a firewall even in IPv6 (or be going through
a NAT64).
FYI, traversable firewall is, by definition, broken.
Masataka Ohta
From: Hadriel Kaplan hkap...@acmepacket.com
In one of the working group meetings this past week, when the group was
discussing a NAT traversal solution for their new protocol, an A-D
suggested they not spend much time on NAT traversal.
...
I'd like to know if the
On Nov 15, 2010, at 7:21 AM, David Harrington wrote:
I believe I'm the AD you are referring to.
Yes but I wasn't trying to pick on anyone - just trying to understand what the
official IESG position is.
I never said the IESG is discouraging NAT traversal mechanisms for new
protocols,
Masataka-san
You are incorrect.
Firewalls can be used for many purposes. Authenticated traversal is well
established in the firewall model. There is a copious amount of prior art.
On Mon, Nov 15, 2010 at 7:18 AM, Masataka Ohta
mo...@necom830.hpcl.titech.ac.jp wrote:
Jari Arkko wrote:
On Mon, Nov 15, 2010 at 11:41 AM, Hadriel Kaplan hkap...@acmepacket.com wrote:
Absolutely. And it should work in environments with IPv6 NATs, and in
environments with IPv6 firewalls, and in environments with IPv6 consumer
gateways which block inbound packets until an outbound packet opens a
Phillip Hallam-Baker wrote:
You are incorrect.
Firewalls can be used for many purposes. Authenticated traversal is well
established in the firewall model.
Given the diversity of firewalls and their operations, it's
practically impossible.
There is a copious amount of prior art.
Remember
Masataka Ohta wrote:
Jari Arkko wrote:
NAT/FW traversal is also important even
with IPv6, as you may have a firewall even in IPv6 (or be going through
a NAT64).
FYI, traversable firewall is, by definition, broken.
The reason why the internet hasn't completely collapsed by now
In any case, there are four facts of life that can't be ignored:
1. We have a BEHAVE WG and it has a charter.
2. We'd better hope that as many protocols as possible can traverse NAT64, which
will be with us for many years.
3. An important protocol that needs to traverse NAT44 is called IPv6 (in
Martin Rex wrote:
FYI, traversable firewall is, by definition, broken.
Try to convince folks to completely remove all outside doors,
windows, window gates, curtain, blinds, flyscreens from
their home to leverage many convenient un-restricted openings
to the interior of the house.
I'm not
Hi,
In one of the working group meetings this past week, when the group was
discussing a NAT traversal solution for their new protocol, an A-D suggested
they not spend much time on NAT traversal. He/she indicated the IESG was
discouraging NAT traversal mechanisms for new protocols, in order to
Designing NAT traversal on a per protocol basis sounds like a mistake to me.
NAT traversal should be something that is supported at a higher level of
abstraction than one protocol. And there seem to be moves towards that
support.
But the idea of trying to starve protocols of features in order to