Re: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...))
Keith Moore <moore@cs.utk.edu> Mon, 31 March 2003 17:56 UTC
Received: from ran.ietf.org (ran.ietf.org [10.27.6.60]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA16634; Mon, 31 Mar 2003 12:56:30 -0500 (EST)
Received: from majordomo by ran.ietf.org with local (Exim 4.10) id 1903j0-0001BE-00 for ietf-list@ran.ietf.org; Mon, 31 Mar 2003 13:09:38 -0500
Received: from odin.ietf.org ([10.27.2.28] helo=ietf.org) by ran.ietf.org with esmtp (Exim 4.10) id 1903iv-000198-00 for ietf@ran.ietf.org; Mon, 31 Mar 2003 13:09:33 -0500
Received: from astro.cs.utk.edu (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA16509 for <ietf@ietf.org>; Mon, 31 Mar 2003 12:53:11 -0500 (EST)
Received: from astro.cs.utk.edu (localhost [127.0.0.1]) by astro.cs.utk.edu (cf 8.9.3) with SMTP id h2VHtUA06081; Mon, 31 Mar 2003 12:55:30 -0500 (EST)
Date: Mon, 31 Mar 2003 12:55:29 -0500
From: Keith Moore <moore@cs.utk.edu>
To: Christian Huitema <huitema@windows.microsoft.com>
Cc: moore@cs.utk.edu, alh-ietf@tndh.net, john-ietf@jck.com, ietf@ietf.org
Subject: Re: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...))
Message-Id: <20030331125529.2819a5a8.moore@cs.utk.edu>
In-Reply-To: <DAC3FCB50E31C54987CD10797DA511BA027E0E26@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
References: <DAC3FCB50E31C54987CD10797DA511BA027E0E26@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
X-Mailer: Sylpheed version 0.8.9 (GTK+ 1.2.10; i386--netbsdelf)
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: owner-ietf@ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit
> > applications cannot be expected to deal with filters in any way > > other than to report that the communication is prohibited. the > > "well known" flag exists and is called ICMP. > > Well, that is emphatically *NOT* what application developers do. They > do not just observe that it does not work, they try to work around, > e.g. routing messages to a different address, at a different time, > through a third party, or through a different protocol. that's because (a) customers demand that apps work even in the presence of NAT, no matter how unreasonable this is, and (b) the way most filters are implemented, there's no good way for an app to tell whether a communications failure is due to a network or host failure or to a prohibition. ICMP is the only mechanism we have to do this, and it's not widely used. > Silently dropping packets is certainly not the right way to get an > application to stop trying. ICMP messages won't achieve that either: > since ICMP is insecure, it is routinely ignored. ICMP may be routinely ignored, but on false premises. ICMP is no less secure than anything else in TCP or IP that is routinely trusted. > Which actually poses an interesting question: when should an > application just give up? IMHO, there is only one clear-cut case, i.e. > when the application actually contacted the peer and obtained an > explicit statement that the planned exchange should not take place -- > the equivalent of a 4XX or 5XX error in SMTP or HTTP. I'd claim that ICMP prohibited is another case for giving up. note that a 4xx error is an explicit "it's okay to retry" indication. Keith
- RE: Thinking differently about the site local pro… Michel Py
- RE: Thinking differently about the site local pro… Christian Huitema
- Re: Thinking differently about the site local pro… Keith Moore
- RE: Thinking differently about the site local pro… Margaret Wasserman
- RE: Thinking differently about the site local pro… Jeroen Massar
- RE: Thinking differently about the site local pro… Vernon Schryver
- RE: Thinking differently about the site local pro… Tony Hain
- Re: Thinking differently about the site local pro… Eliot Lear
- Re: Thinking differently about the site local pro… Valdis.Kletnieks
- Thinking differently about names and addresses Dave Crocker
- Re: Thinking differently about the site local pro… Måns Nilsson
- Re: Thinking differently about the site local pro… Stephen Sprunk
- RE: Thinking differently about the site local pro… Margaret Wasserman
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… Keith Moore
- RE: Thinking differently about the site local pro… Jeroen Massar
- Re: Thinking differently about the site local pro… Matt Crawford
- Re: Thinking differently about the site local pro… Matt Crawford
- RE: Thinking differently about the site local pro… Michel Py
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… Valdis.Kletnieks
- Re: Thinking differently about the site local pro… Matt Crawford
- RE: Thinking differently about the site local pro… John C Klensin
- RE: Thinking differently about the site local pro… Jeroen Massar
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… Keith Moore
- RE: Thinking differently about the site local pro… Tony Hain
- Re: Thinking differently about the site local pro… Valdis.Kletnieks
- RE: Thinking differently about the site local pro… Jeroen Massar
- RE: Thinking differently about the site local pro… Jeroen Massar
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… S Woodside
- RE: Thinking differently about the site local pro… Michel Py
- RE: Thinking differently about names and addresses Tony Hain
- Re: Thinking differently about names and addresses Dave Crocker
- site locals are bankrupt Keith Moore
- Re: Thinking differently about names and addresses John C Klensin
- Re: Thinking differently about names and addresses Harald Tveit Alvestrand
- Re: Thinking differently about the site local pro… John Stracke
- RE: Thinking differently about names and addresses Tony Hain
- Re: Thinking differently about the site local pro… John Stracke
- Re: Thinking differently about the site local pro… J. Noel Chiappa
- Re: Thinking differently about the site local pro… J. Noel Chiappa
- Re: Thinking differently about names and addresses Keith Moore
- Re: Thinking differently about names and addresses Dave Crocker
- Re: Thinking differently about names and addresses Dave Crocker
- Re: Thinking differently about the site local pro… Keith Moore
- RE: Thinking differently about names and addresses Tony Hain
- Re: Thinking differently about names and addresses Keith Moore
- Re: Thinking differently about the site local pro… Bill Manning
- Re: Thinking differently about the site local pro… Michael Richardson
- Re: Thinking differently about the site local pro… Pekka Savola
- Re: Thinking differently about the site local pro… Harald Tveit Alvestrand
- RE: Thinking differently about the site local pro… Jeroen Massar
- RE: Thinking differently about the site local pro… Spencer Dawkins
- Re: Thinking differently about the site local pro… Keith Moore
- RE: Thinking differently about the site local pro… Jeroen Massar
- Re: Thinking differently about the site local pro… Bill Manning
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… Keith Moore
- RE: Thinking differently about the site local pro… Jeroen Massar
- Re: Thinking differently about the site local pro… John C Klensin
- RE: Thinking differently about the site local pro… Jeroen Massar
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… Randy Bush
- RE: Thinking differently about the site local pro… Tony Hain
- RE: Thinking differently about the site local pro… Daniel Senie
- RE: Thinking differently about the site local pro… Jeroen Massar
- RE: Thinking differently about the site local pro… Jeroen Massar
- RE: Thinking differently about the site local pro… Jeroen Massar
- RE: Thinking differently about the site local pro… Tony Hain
- Re: Thinking differently about the site local pro… John Stracke
- Re: Thinking differently about the site local pro… Keith Moore
- RE: Thinking differently about the site local pro… Brian Zill
- Re: Thinking differently about the site local pro… Fredrik Nyman
- RE: Thinking differently about the site local pro… Jeroen Massar
- RE: Thinking differently about the site local pro… Margaret Wasserman
- RE: Thinking differently about the site local pro… Jeroen Massar
- Re: Thinking differently about the site local pro… John Stracke
- Re: Thinking differently about the site local pro… Keith Moore
- Re: Thinking differently about the site local pro… John Stracke
- v6 support (was Re: Thinking differently about th… Keith Moore
- Re: v6 support (was Re: Thinking differently abou… Steven M. Bellovin
- Re: v6 support (was Re: Thinking differently abou… Eric Rosen