Re: IESG position on NAT traversal and IPv4/IPv6

Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Mon, 15 November 2010 20:48 UTC

Phillip Hallam-Baker wrote:

> You are incorrect.
> 
> Firewalls can be used for many purposes. Authenticated traversal is well
> established in the firewall model.

Given the diversity of firewalls and their operations, it's
practically impossible.

> There is a copious amount of prior art.

Remember what happened to path MTU discovery.

Just as path MTU discovery for IPv6 won't work, you can't expect
firewalls in the real world to behave in a friendly way toward your
own firewall-traversing protocols.

						Masataka Ohta