[Ietf-behave] A comment on draft-iab-nat-traversal-considerations-00
Philip Matthews <matthews@nimcatnetworks.com> Wed, 16 March 2005 13:40 UTC
From: Philip Matthews <matthews@nimcatnetworks.com>
Date: Wed, 16 Mar 2005 05:40:19 -0800
Subject: [Ietf-behave] A comment on draft-iab-nat-traversal-considerations-00
Message-ID: <4238373C.50902@nimcatnetworks.com>
MIME-Version: 1.0
Content-Type: text/plain
[I originally CC'ed this to the SIPPING list by mistake. My apologies to those who see it twice.]

http://www.ietf.org/internet-drafts/draft-iab-nat-traversal-considerations-00.txt

Jonathan:

Here is my one major comment on this document. In a separate e-mail message, I will post a number of minor and editorial comments.

In section 3, the document states that there are three logical components involved (client, NAT, and server) and thus 7 combinations of modifications that can be made. The document then proceeds to classify each existing NAT traversal solution into one of these 7 approaches. In section 4, the document then discusses considerations for selecting a solution.

What is not really clear, however, is whether the discussion in section 4 is meant to talk about the 7 approaches in general, or the specific existing solutions mentioned in the document. At times, the document seems to talk about the properties of a specific existing solution, while at other times the document seems to talk about the properties of a general approach (i.e., one of the 7).

For example, much of section 4 talks about the problems with the ALG approach. Since no specific examples of ALGs are discussed, it seems that any specific solution that involves modifying the NAT alone is covered by this discussion, and thus much of section 4 is really a discussion of the properties of the "Modifying the NAT" approach.

In my opinion, the document would be much more useful if it presented a systematic exploration of the strengths and weaknesses of *each* of the 7 approaches. That is, rather than discussing the properties of a specific solution within one of the 7 general approaches, the document would discuss the properties of each approach in general. As mentioned above, the document already seems to do this for the approach of "Modifying the NAT". Unfortunately, because there is no similar discussion about the properties of the other approaches, these sections read somewhat like a rant against ALGs rather than a reasoned discussion. Certainly, as I read these sections, I was thinking that some of these comments also applied to other approaches.

So specifically, I suggest organizing the document so that it systematically goes through each of the 7 approaches and talks about the security and other properties of the approach in general, and only talks about specific solutions within the approach when necessary to illustrate a point.

Doing this would help focus IETF work into certain approaches. For example, it might become clear that only one or two approaches are really suitable, and the IETF should focus its efforts into developing solutions within these approaches.

- Philip