[Ietf-behave] A comment on draft-iab-nat-traversal-considerations-00

Philip Matthews <matthews@nimcatnetworks.com> Wed, 16 March 2005 13:40 UTC

From: Philip Matthews <matthews@nimcatnetworks.com>
Date: Wed, 16 Mar 2005 05:40:19 -0800
Subject: [Ietf-behave] A comment on draft-iab-nat-traversal-considerations-00
Message-ID: <4238373C.50902@nimcatnetworks.com>
MIME-Version: 1.0
Content-Type: text/plain

[I originally CC'ed this to the SIPPING list by mistake.
My apologies to those who see it twice.]
http://www.ietf.org/internet-drafts/draft-iab-nat-traversal-considerations-00.txt

Jonathan:

Here is my one major comment on this document.
In a separate e-mail message, I will post a number of minor and
editorial comments.

In section 3, the document states that there are three logical components
involved (client, NAT, and server) and thus 7 combinations of modifications
that can be made. The document then proceeds to classify each existing NAT
traversal solution into one of these 7 approaches. In section 4, the document
then discusses considerations for selecting a solution.

What is not really clear, however, is whether the discussion in section 4
is meant to talk about the 7 approaches in general, or the specific existing
solutions mentioned in the document. At times, the document seems to talk
about the properties of a specific existing solution, while at other times
the document seems to talk about the properties of a general approach
(i.e., one of the 7).

For example, much of section 4 talks about the problems with the ALG approach.
Since no specific examples of ALGs are discussed, it seems that any specific
solution that involves modifying the NAT alone is covered by this discussion,
and thus much of section 4 is really a discussion of the properties of the
"Modifying the NAT" approach.

In my opinion, the document would be much more useful if it presented a
systematic exploration of the strengths and weaknesses of *each* of the 7
approaches. That is, rather than discussing the properties of a specific
solution within one of the 7 general approaches, the document would discuss
the properties of each approach in general.

As mentioned above, the document already seems to do this for the approach of
"Modifying the NAT". Unfortunately, because there is no similar discussion about
the properties of the other approaches, these sections read somewhat like a rant
against ALGs rather than a reasoned discussion. Certainly, as I read these
sections, I was thinking that some of these comments also applied to other
approaches.

So specifically, I suggest organizing the document so that
it systematically goes through each of the 7 approaches and talks about the
security and other properties of the approach in general, and only talks
about specific solutions within the approach when necessary to illustrate
a point. Doing this would help focus IETF work on certain approaches.
For example, it might become clear that only one or two approaches are really
suitable, and the IETF should focus its efforts on developing solutions
within these approaches.

- Philip