Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-17 Thread Keith Moore
On Tuesday, June 17, 2003, at 11:51 AM, Hallam-Baker, Phillip wrote: The key in my view is to work on the NAT vendors, instead of viewing NAT boxes as an obstacle they should be seen for what they really are, an essential and important part of the internet infrastructure. you obviously don't wri

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-17 Thread Hallam-Baker, Phillip
> On Tuesday, June 17, 2003, at 11:51 AM, Hallam-Baker, Phillip wrote: > > > The key in my view is to work on the NAT vendors, instead > of viewing > > NAT > > boxes as an obstacle they should be seen for what they > really are, an > > essential and important part of the internet infrastructu

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-17 Thread Valdis . Kletnieks
On Tue, 17 Jun 2003 19:33:24 PDT, "Hallam-Baker, Phillip" said: > No, because I design and use applications I really wish that the IETF > had designed a decent NAT box spec rather than adopting the ostrich > position. If my un-NAT'ed box does a LISTEN on some TCP port, that generates no outbound

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Iljitsch van Beijnum
On woensdag, jun 18, 2003, at 04:33 Europe/Amsterdam, Hallam-Baker, Phillip wrote: I really wish that the IETF had designed a decent NAT box spec rather than adopting the ostrich position. http://www.ietf.org/html.charters/nat-charter.html

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Hallam-Baker, Phillip
> I really wish that the IETF > had designed a dece

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > If you want to address denial of service issues you need protocol > > enforcement points. > > NAT is a denial of service attack, not a means of policy enforcement. I don't think this is really accurate. The difference between denial of service and pol

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > > NAT is a denial of service attack, not a means of policy enforcement. > > > > I don't think this is really accurate. > > > > The difference between denial of service and policy enforcement > > is primarily a question of authorization. Since the peopl

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Melinda Shore
> The difference between denial of service and policy enforcement > is primarily a question of authorization. Since the people who > install NAT generally own the networks in question, characterizing > NAT as a DoS attack doesn't really seem right. Well, yeah, but ... NAT is far too crude in its

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > > similarly, people who install NAT usually don't realize how much this > > > costs them in lost functionality and reliability. > > Really? You have evidence of this? > > the evidence I have is from reading vendor advertisements for NAT boxes, > and fro

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Kurt Erik Lindqvist
> If you want to address denial of service issues you need protocol > enforcement points. Protocol enforcement points have so far failed to scale (today called border routers). What you need is to fix a much wider problem. - kurtis

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread S Woodside
On Wednesday, June 18, 2003, at 12:59 PM, Hallam-Baker, Phillip wrote: Not at all. If you want to address denial of service issues you need protocol enforcement points. This sounds like you are equating a NAT box with a firewall, which seems to be common. I would like to know: - Is a NAT box a

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Putzolu, David
> NAT is a denial of service attack, not a means of policy enforcement. I wonder if NAT is to ietf discussions as Nazis was to Usenet discussions. That is, will every heated IETF debate eventually lead to invoking the NAT bogyman? And if that were to be true, would the corollary apply that the

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Michael Thomas
Eric Rescorla writes: > Keith Moore <[EMAIL PROTECTED]> writes: > > similarly, people who install NAT usually don't realize how much this > > costs them in lost functionality and reliability. > Really? You have evidence of this? > > I don't either, but my intuition is that you're wrong. Onc

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > > the evidence I have is from reading vendor advertisements for NAT > > > boxes, and from talking to people who run networks that use NAT. > > > it's not a random sample, perhaps not a statistically significant > > > one, but it's been enough to convinc

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Melinda Shore
> What applications that people want to run--and the IT managers would > want to enable--are actually inhibited by NAT? It seems to me that > most of the applications inconvenienced by NAT are ones that IT > managers would want to screen off anyway. Not really. For example, ftp as originally defi

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Iljitsch van Beijnum
On woensdag, jun 18, 2003, at 21:17 Europe/Amsterdam, Bob Braden wrote: Since 1980 we have believed that universal connectivity was one of the great achievements of the Internet design. Today, one must unfortunately question whether universal connectivity can be sustained (or is even the right go

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread J. Noel Chiappa
> From: Keith Moore <[EMAIL PROTECTED]> > that's an oxymoron. the basic premise of NAT is fundamentally broken. Just out of interest, do you complain about gravity too? We lost our chance to avoid NAT's when variable length addresses were removed from TCPv2.5 (IIRC the version number corr

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Hallam-Baker, Phillip
> NAT is a denial of service attack, not a means of policy enforcement. I wonder if NAT is to ietf discussions as Nazis was to Usenet discu

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Putzolu, David
The IAB has talked about NAT. A WG has produced a bunch of RFCs about NAT. NAT is very widely deployed and comes in 10 different flavors. NAT has a bunch of architectural ugliness and technical problems. So? How about some lemonade? An Internet draft that says something new about NATs would

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Fleischman, Eric
Eric Rescorla [mailto:[EMAIL PROTECTED] wrote: >> similarly, people who install NAT usually don't realize how much this >> costs them in lost functionality and reliability. >Really? You have evidence of this? >I don't either, but my intuition is that you're wrong. Once you have >decided to have

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Michael Thomas
Iljitsch van Beijnum writes: > On woensdag, jun 18, 2003, at 21:17 Europe/Amsterdam, Bob Braden wrote: > > > Since 1980 we have believed that universal connectivity was one of the > > great achievements of the Internet design. Today, one must > > unfortunately question whether universal conn

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > I don't know enough about how you're doing your distributing computing > > to have an opinion, but as for the other two... In my experience, > > IT managers are pretty unhappy punching holes in their firewalls > > for incoming SIP and IPsec, whether they

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Eric Rescorla
Melinda Shore <[EMAIL PROTECTED]> writes: > > What applications that people want to run--and the IT managers would > > want to enable--are actually inhibited by NAT? It seems to me that > > most of the applications inconvenienced by NAT are ones that IT > > managers would want to screen off anyway

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > > In my experience, IT managers are generally pretty unhappy changing > > > anything to support their users. People who actually use the > > > computers or the network are regarded as a nuisance. > > > > Exactly. So, why do you it's NATs that are the ca

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Paul Vixie
[EMAIL PROTECTED] (Michael Thomas) writes: > Voice challenges this assumption to a very large > degree. In fact, I not only want access to 99.99% > of the other nodes on the net willing to speak RTP ... actually i think you probably don't, or rather, won't. telemarketing by robot is illegal in s

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Richard Shockey
At 12:07 AM 6/19/2003 +, Paul Vixie wrote: [EMAIL PROTECTED] (Michael Thomas) writes: > Voice challenges this assumption to a very large > degree. In fact, I not only want access to 99.99% > of the other nodes on the net willing to speak RTP ... actually i think you probably don't, or rather,

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Paul Vixie
> Which BTW come July 1 becomes illegal in the US with the implementation of > the Federal Trade Commission Do Not Call list. which country's "federal" do you mean? > http://www.ftc.gov/bcp/conline/edcams/donotcall/index.html oh, that one. i guess that means the function will have to move offsh

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Valdis . Kletnieks
On Wed, 18 Jun 2003 16:06:08 PDT, Eric Rescorla said: > Melinda Shore <[EMAIL PROTECTED]> writes: > > Not really. For example, ftp as originally defined doesn't > > work through NATs, and no standard VoIP or multimedia > > conferencing protocol works through NAT. > None of these things worked r

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Eric Rescorla
[EMAIL PROTECTED] writes: > On Wed, 18 Jun 2003 16:06:08 PDT, Eric Rescorla said: > > Melinda Shore <[EMAIL PROTECTED]> writes: > > > > Not really. For example, ftp as originally defined doesn't > > > work through NATs, and no standard VoIP or multimedia > > > conferencing protocol works through

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Michel Py
Valdis, > Valdis Kletnieks wrote: > If it doesn't work through a firewall, it's because the > firewall is doing what you ASKED it to do - block certain > classes of connections. I'm sorry but it is nothing near being that simple. Although if it does not work through a firewall, it MAY BE because t

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Valdis . Kletnieks
On Wed, 18 Jun 2003 21:30:35 PDT, Eric Rescorla said: > This seems to me like a false dichotomy. If I were deploying a NAT > (which I didn't) there would be certain things I would care about > and others I didn't. If I'm already firewalling off these services, > why should I care if NAT blocks th

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Valdis . Kletnieks
On Wed, 18 Jun 2003 21:55:34 PDT, Michel Py said: > I'm sorry but it is nothing near being that simple. Although if it does > not work through a firewall, it MAY BE because the firewall does block a > class of traffic (more likely because someone forgot to punch the right > hole), there are _plenty

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Eric Rescorla
[EMAIL PROTECTED] writes: > On Wed, 18 Jun 2003 21:30:35 PDT, Eric Rescorla said: > > > This seems to me like a false dichotomy. If I were deploying a NAT > > (which I didn't) there would be certain things I would care about > > and others I didn't. If I'm already firewalling off these services,

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Michel Py
> Valdis Kletnieks wrote: > The point I was making is that if an NNTP connection fails because > the firewall is *configured* to say 'None Shall Pass' (insert Monty > Python .wav here ;) then that is *proper* behavior. If a VOIP > connection fails because the NAT is saying 'None Shall Pass', then

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Valdis . Kletnieks
On Wed, 18 Jun 2003 22:19:12 PDT, Eric Rescorla said: > You've got it absolutely backwards. The fact that the NAT breaks applications > that I don't want to run anyway is a FEATURE, not a bug. And the fact that NAT breaks things that you DO want to run is a > > And unfortunately, a lot of the J

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread Michel Py
Valdis, > Valdis Kletnieks wrote: > And unfortunately, a lot of the Just Does Not Work stuff are > applications like H.323 and VOIP that Joe Sixpack actually > *might* be interested in. Unfortunately, there is no single reason [protocol or app xyz] does not work over NAT. When [protocol or app x

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 Thread John Loughney
Eric, With due respects, there is a flaw in your thinking. Many ISPs give users NATed addresses, without users really knowing or understanding what they are. When the users try applications or serves which fail because of the non-transparency, the users may not know the cause of the failures. I

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Daniel Senie
At 01:31 AM 6/19/2003, [EMAIL PROTECTED] wrote: On Wed, 18 Jun 2003 22:19:12 PDT, Eric Rescorla said: > You've got it absolutely backwards. The fact that the NAT breaks applications > that I don't want to run anyway is a FEATURE, not a bug. And the fact that NAT breaks things that you DO want t

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread J. Noel Chiappa
> From: Keith Moore <[EMAIL PROTECTED]> > The reason that we are explaining (once again) why NAT sucks is that > some people in this community are still in denial about that The person who's most in denial around here is you - about how definitively the market has, for the moment, cho

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Melinda Shore
> Why is it so hard for people here to believe that customers might > actually know what they want, even if you don't happen to think > it's a good idea? Going back a message or two, the firewall problem is more tractable than the NAT problem but you're right, it's similar in some of its impedimen

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread J. Noel Chiappa
> From: Bob Braden <[EMAIL PROTECTED]> > Today, one must unfortunately question whether universal connectivity > can be sustained (or is even the right goal) in a networking > environment without universal trust. Maybe NATs are, in fact, a result > of a very deep problem with o

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
James Seng <[EMAIL PROTECTED]> writes: > Why should the users be limited to what IT managers decide is good or bad? > > Internet is built on dumb network, smart terminal. End-users are > supposed to be able to put up their own services, not just running some > apps. This has been the Internet prin

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
"John Loughney" <[EMAIL PROTECTED]> writes: > With due respects, there is a flaw in your thinking. Many ISPs give > users NATed adresses, without users really knowing or understanding > what they are. When the users try applications or serves which fail > because of the non-transparency, the users

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Theodore Ts'o
On Thu, Jun 19, 2003 at 07:49:14AM -0400, J. Noel Chiappa wrote: > > My take is that NAT's respond to several flaws in the IPv4 architecture: > > - 1) Not enough addresses - this being the one that brought them into > existence. > - 1a) Local allocation of addresses - a variant of the prece

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
[EMAIL PROTECTED] writes: > On Wed, 18 Jun 2003 22:19:12 PDT, Eric Rescorla said: > > > You've got it absolutely backwards. The fact that the NAT breaks applications > > that I don't want to run anyway is a FEATURE, not a bug. > > And the fact that NAT breaks things that you DO want to run is a

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > Sadly, the IETF seems to find ways to generate immense amounts of heat over > > NAT, while sticking its collective head in the sand with regards to > > activity in the marketplace. > > the NAT vendors are the irresponsible ones. they create a mess out

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > If the customers are getting what they want, that seems to me that it > > can hardly be characterized as a "mess". And you have yet to establish > > that they're not getting what they want. > > certainly the users I deal with are not getting what they w

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Peter Ford
Noel, You are getting too cerebral. We can look at the marketing info on the box of a NAT product to see what people think they are getting: 1) Instant Internet Sharing for cable and DSL 2

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Melinda Shore
> This is more hyperbole. How have NATs created a mess out of the network? > Yes, I understand that they've made the network environment more > complicated which makes life hard on protocols designers. So what? > If the customers are getting what they want, that seems to me that it > can hardly be

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Fleischman, Eric
andered far off topic. -Original Message- From: James Seng [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2003 10:38 PM To: Fleischman, Eric Cc: EKR; Keith Moore; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: myth of the great transition

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Peter Deutsch
"J. Noel Chiappa" wrote: > > > From: Keith Moore <[EMAIL PROTECTED]> > > > The reason that we are explaining (once again) why NAT sucks is that > > some people in this community are still in denial about that > > The person who's most in denial around here is you - about how defini

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Michael Thomas
Eric Rescorla writes: > What applications that people want to run--and the IT managers would > want to enable--are actually inhibited by NAT? It seems to me that > most of the applications inconvenienced by NAT are ones that IT > managers would want to screen off anyway. Uh, have you paid no a

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Richard Shockey
At 02:45 AM 6/19/2003 +, Paul Vixie wrote: > Which BTW come July 1 becomes illegal in the US with the implementation of > the Federal Trade Commission Do Not Call list. which country's "federal" do you mean? > http://www.ftc.gov/bcp/conline/edcams/donotcall/index.html oh, that one. i guess

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Paul Vixie
> Remember Paul ..the issue in most of these laws is to go after the > company offering the products, porn, whatever _via_ spam. and when they are syn-scanning me from outside the us i can tell who their client is how? and when the robot calls back asking me to hold on the line for a human operat

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Christian Huitema
> > The person who's most in denial around here is you - about how > definitively > > the market has, for the moment, chosen IPv4+NAT as the best balance > between > > cost and effectiveness. > > > > Get a grip. We all know you don't like NAT. You don't need to reply to > > *every* *single* *messag

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > > certainly the users I deal with are not getting what they want. > > > others seem to be reporting similar experiences. > > > > Then why don't they switch providers. > > variety of reasons: often the provider is not the problem, it's the local > netwo

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Michael Thomas <[EMAIL PROTECTED]> writes: > Eric Rescorla writes: > > What applications that people want to run--and the IT managers would > > want to enable--are actually inhibited by NAT? It seems to me that > > most of the applications inconvenienced by NAT are ones that IT > > managers wo

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Melinda Shore <[EMAIL PROTECTED]> writes: > As I said before, the workarounds that are being > used to help facilitate application traversal of NATs are > definitely introducing new security problems that wouldn't > exist if the NAT weren't there. There are other problems > around robustness and ro

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Michael Thomas
Eric Rescorla writes: > Michael Thomas <[EMAIL PROTECTED]> writes: > > > Eric Rescorla writes: > > > What applications that people want to run--and the IT managers would > > > want to enable--are actually inhibited by NAT? It seems to me that > > > most of the applications inconvenienced

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Iljitsch van Beijnum
On donderdag, jun 19, 2003, at 13:49 Europe/Amsterdam, J. Noel Chiappa wrote: Maybe NATs are, in fact, a result of a very deep problem with our architecture. My take is that NAT's respond to several flaws in the IPv4 architecture: - 1) Not enough addresses - this being the one that brought the

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread S Woodside
Exactly. A NAPT (not a NA(!P)T ..) is in fact a perfectly good firewall* for the home user. So all this argumentation that a "NAPT is not a firewall" is bunk. * where firewall = a device that protects my internal net from external threats simon On Thursday, June 19, 2003, at 03:46 AM, Da

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread S Woodside
Keith, I don't get this argument. A NAPT is a firewall by your own definition "I believe the primary purpose of firewalls should be to protect the network, not the hosts, from abusive or unauthorized usage." It's implementing a very simple policy, protect me from the outside world. simon On T

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > > until recently the only way I could get even one > > > static IP address for my home was through a special deal with a > > > friend of mine who had a small ISP, and the best bandwidth I could > > > get was 128kbps. none of the other local providers wo

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Michael Thomas <[EMAIL PROTECTED]> writes: > Eric Rescorla writes: > > Michael Thomas <[EMAIL PROTECTED]> writes: > > > > > Eric Rescorla writes: > > > > What applications that people want to run--and the IT managers would > > > > want to enable--are actually inhibited by NAT? It seems to

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Bob Braden
*> *> So, on the one hand, we have the actual behavior of millions of people. *> On the other hand we have Keith Moore's opinion about what they ought *> to prefer. I don't have any trouble figuring out which one I believe. *> *> -Ekr *> Erik, Errr, let's see if I understand yo

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > Yeah, that there's a subset who cares. They got it. The market is > > working. > > the market is dysfunctional. it doesn't always fail to deliver what is > needed, but it often does. That's your claim. I don't buy it. > > Apparently not, or they wold

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Bob Braden <[EMAIL PROTECTED]> writes: > *> > *> So, on the one hand, we have the actual behavior of millions of people. > *> On the other hand we have Keith Moore's opinion about what they ought > *> to prefer. I don't have any trouble figuring out which one I believe. > *> > *> -Ek

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread S Woodside
On Thursday, June 19, 2003, at 01:54 PM, Keith Moore wrote: Keith, I don't get this argument. A NAPT is a firewall by your own definition "I believe the primary purpose of firewalls should be to protect the network, not the hosts, from abusive or unauthorized usage." only if the policy that the u

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > > they would switch if they had alternatives available. but people > > > like you keep claiming that alternatives aren't needed because the > > > market has spoken. > > > > Nonsense. I'd love to see an alternative. Obviously, NATS have costs > > and a s

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Theodore Ts'o
On Thu, Jun 19, 2003 at 11:10:03AM -0700, Eric Rescorla wrote: > Users aren't physically handcuffed to their Internet connections. > They have choices as to who to purchase connectivity from. Those > users, if they chose, could purchase connectivity with static IP > addresses and no NAT. They by an

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Michael Thomas
Eric Rescorla writes: > P.S. And btw, I'm not advocating NAT. What I'm advocating is that > we stop behaving as if we think that anyone who uses NAT is obviously > an idiot. I don't think that I've seen anybody say that. Most people who use NAT have no clue one way or the other about NAT any mo

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Melinda Shore
> I'm not sure what you mean by routing above. Are you suggesting there's > some negative externality in that NAT makes the routing infrastructure > more complicated? If so, what is it? If you're multihomed and your route changes, your address changes. (Yes, this happens). I am profoundly weirde

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Melinda Shore
> Keith, I don't get this argument. A NAPT is a firewall by your own > definition "I believe the primary purpose of firewalls should be to > protect the network, not the hosts, from abusive or unauthorized > usage." It's implementing a very simple policy, protect me from the > outside world. N

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
I said I was done with this discussion, but I think Melinda deserves a response here. Melinda Shore <[EMAIL PROTECTED]> writes: > > I'm not sure what you mean by routing above. Are you suggesting there's > > some negative externality in that NAT makes the routing infrastructure > > more complicat

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Melinda Shore
> Does this seem like a weird position for an IAB member to take? > I don't think so. I think economics provides useful tools for talking about and evaluating this stuff, too, but I think it's pretty evident that you can optimize for anything you like and get different results. I question whethe

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Melinda Shore <[EMAIL PROTECTED]> writes: > > Does this seem like a weird position for an IAB member to take? > > I don't think so. > > I think economics provides useful tools for talking about > and evaluating this stuff, too, but I think it's pretty > evident that you can optimize for anything

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Keith Moore <[EMAIL PROTECTED]> writes: > > (1) There are some set of problems that users have or > > believe they have. > > > > (2) NAT solves at least some of those problems, at some > > cost (say Cn), both financial and operational and > > that solution has benefit Bn. > > > > (3)

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Keith Moore
There's ample evidence that many users aren't aware of the costs of using NAT, or especially, weren't aware of those costs before they started using NAT - so their choices were poorly informed. So no, it's not reasonable to conclude that decisions to use NATs are justified by realistic cost-benefit

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Michel Py
Eric, > Eric Rescorla wrote: > The fact that a large number of people have chosen > to use NAT is a strong argument that B>C. (Here's > where the invocation of revealed preference comes in). This is not the point. What you are saying is that since B>C it makes NAT OK. What I am saying (and possib

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Michel Py
Keith, >> Michel Py wrote: >> IMHO, here is the deal: IPv4 NAT does suck, but there is >> nothing we can do to remove it; so the only worthy >> efforts are 1) maybe try to make it less worse (I will >> not go as far as saying better) and 2) let's not make >> the same mistake with IPv6. > Keith M

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Michel Py
Ted, > Theodore Ts'o wrote: > So 30 static IP addresses, with a slower service, is over > *five* times more expensive, and over twice as expensive > as faster service with only 2 static IP addresses. > As much as I hate NAT, from an aesthetic perspective, > using two static IP addresses and a NA

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Michael Thomas
Eric Rescorla writes: > I said I was done with this discussion, but I think Melinda > deserves a response here. > > Melinda Shore <[EMAIL PROTECTED]> writes: > > > > I'm not sure what you mean by routing above. Are you suggesting there's > > > some negative externality in that NAT makes th

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Stephen Sprunk
Thus spake "James Seng" <[EMAIL PROTECTED]> > The question: smart terminal or smart network? > > I believe in smart terminal. Nothing there suggests you should not run > your firewall or any other filtering software on your end-terminal. > > End-machines are vulnerable? Then fix the end-machine. It

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Eric Rescorla
Michael Thomas <[EMAIL PROTECTED]> writes: > So just saying that NAT is here get used to it is, > architecturally, not helpful. The split of effort > is to put it mildly a huge drain on engineering > talent, but more importantly the net is becoming > more and more incomprehensible because of it, bo

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-19 Thread Valdis . Kletnieks
On Thu, 19 Jun 2003 07:27:03 EDT, "J. Noel Chiappa" said: > The person who's most in denial around here is you - about how definitively > the market has, for the moment, chosen IPv4+NAT as the best balance between > cost and effectiveness. Actually Noel, I think what he's in denial about is the f

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-20 Thread manojd
> > until recently the only way I could get even one > > static IP address for my home was through a special deal with a > > friend of mine who had a small ISP, and the best bandwidth I could > >

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-20 Thread J. Noel Chiappa
> From: Eric Rescorla <[EMAIL PROTECTED]> > (2) NAT solves at least some of those problems, at some >cost (say Cn), both financial and operational and >that solution has benefit Bn. > (3) The fact that a large number of people have chosen > to use NAT is a stro

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-20 Thread Valdis . Kletnieks
On Fri, 20 Jun 2003 13:47:35 +0530, manojd <[EMAIL PROTECTED]> said: > Since the issue is stable end-points, could something like this be a patch > for v4 NATs? No. > c) Externally visible port number used by an application on some device is > composed of its stable 8-bit number known to NAT, pl

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-20 Thread Vernon Schryver
> From: Keith Moore <[EMAIL PROTECTED]> > ... > the reason I point out the flaws with NAT is not that I think we can get > rid of them in v4. it's because some people are still of the belief that > NATs are mostly harmless and that we should not only permit them > into v6, but extend our architect

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-20 Thread Bob Braden
*> do it. In the meantime, I wear a hat. *> *> -Ekr *> Perhaps that was Keith's point... a hat as a cure for baldness is akin to a NAT box as a cure for end system insecurity. Bob Braden

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-20 Thread S Woodside
On Friday, June 20, 2003, at 07:48 AM, J. Noel Chiappa wrote: That group has no reason to deploy any new technology - what they have already works fine for them. So if there is a very large population of N-U, especially if they are a big enough group to be a majority of the Internet user base,

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-23 Thread J. Noel Chiappa
> From: Keith Moore <[EMAIL PROTECTED]> >>> the reason I point out the flaws with NAT is .. because some people >>> are still of the belief that NATs are mostly harmless and that we >>> should not only permit them into v6, but extend our architecture to >>> embrace them. >

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-23 Thread J. Noel Chiappa
> From: Keith Moore <[EMAIL PROTECTED]> >> That means that i) NAT+v4 is here to stay, permanently, as the >> packet-forwarding substrate on which we have to live, and ii) many >> "solutions" to the "NAT problem" have a badly faulty key premise - >> which is that the solution wi

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-23 Thread J. Noel Chiappa
> From: Michael Thomas <[EMAIL PROTECTED]> > we're being driven as a community to do both with the ensuing insanity > of two broken models being forced to cohabitate, all the while neither > meeting the actual requirements. Time to hit the "reset" button on our current direction,

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-23 Thread Michel Py
> Keith Moore wrote: > Which is why I've done some work to try to make the barrier to > adopting IPv6 on an existing IPv4 network as low as possible. What you don't realize is that the only thing that you have left to do is to get 6to4 implemented in NAT boxes. If every Linksys had 6to4 code and w

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-23 Thread Melinda Shore
> Aren't Microsoft already "standardizing" this with their Universal Plug and > Play (UPnP) architecture? That's just midcom, which the IETF is standardizing. We started before they did but Microsoft got there first and worst (there's even midcom language in their documents). So that's something

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-23 Thread Iljitsch van Beijnum
On donderdag, jun 19, 2003, at 23:42 Europe/Amsterdam, Eric Rescorla wrote: Realistically, there are three kinds of utility effects of someone choosing to install a NAT: (1) The effect on them personally. (2) The effect on other people who might potentially correspond with them (a rather sma

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-23 Thread Melinda Shore
> It would be interesting to see how much of the IETF's resources are > used up by NAT issues. Probably not as much as needed, actually. Be that as it may, let's do some arithmetic: I would guess that the really huge equipment vendors probably have about 50 FTEs each working on NAT workaround

RE: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-24 Thread Christian Huitema
>> Aren't Microsoft already "standardizing" this with their Universal Plug and >> Play (UPnP) architecture? > > That's just midcom, which the IETF is standardizing. We > started before they did but Microsoft got there first and > worst (there's even midcom language in their documents). So > that'