Re: [anonsec] Connection Latching draft review (draft-ietf-btns-connection-latching-04.txt)

Black_David@emc.com Wed, 09 January 2008 16:36 UTC

To: <Nicolas.Williams@sun.com>
Cc: anonsec@postel.org, tsv-dir@ietf.org

Nico,

> > > > -- NATs
> > > > 
> > > > p.5 says:
> > > 
> > > Well, does it hurt to have this?  I suppose this could be a MAY, if
> > > implementors object (or it could be downgraded to MAY or removed
> > > altogether when in the progression to Standard).
> > > 
> > > I don't feel too strongly about it, but I also don't feel too strongly
> > > about discouraging the use of NATs (face it: NATs are here to stay, at
> > > least in the IPv4 world).
> > 
> > This isn't about discouraging use of NATs; I completely agree
> > that NATs are a fact of life for IPv4.  This is about avoiding
> > encouragement of NAT-specific code in protocols and applications
> > that don't need it (i.e., work just fine with IPsec NAT traversal).
> 
> I think this text doesn't do that at all.  Why would application
> developers bother to ask about NAT-related information when 
> they already know that their app works with IPsec NAT traversal?

Because there's a "SHOULD" in the standard written by people who
may have more of a clue about NATs.

> > Think of the goal as "damage containment" - it does hurt to
> > encourage unnecessary attempts to deal with NATs.  It may be ok
> > to have the interface if the interface adds value to what apps
> > already have to do to cope with NATs, but there should be a
> > rationale for the added value.
> 
> But also, and more to the point, as long as we accept the existence of
> NATs we might as well accept the existence of protocols which need help
> to traverse them, and then we should accept some of the responsibility for
> helping them.
> 
> I'd reverse your question and ask how making this information available
> to the application developer encourages the development of new
> applications that need help in order to traverse NATs.

I hereby renew my membership in the "if in doubt, leave it out"
design camp ;-).  In any case, I'm ok with making the requirement
a MAY, at least for now.  

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------
