Re: IESG position on NAT traversal and IPv4/IPv6

Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Tue, 16 November 2010 02:43 UTC

Martin Rex wrote:

>> FYI, a traversable firewall is, by definition, broken.

> Try to convince folks to completely remove all outside doors,
> windows, window gates, curtains, blinds, flyscreens from
> their home to "leverage" many convenient un-restricted openings
> to the interior of the house.

I'm not arguing against firewalls. There are various kinds of
firewalls each of which has its own configuration.

Just as path MTU discovery can not stop people filtering
ICMP, firewall traversal protocols can not traverse most
firewalls.

Instead, related parties with firewalls can communicate with each
other through proper configuration of their firewalls without
any traversal protocols.

> If your plan is to further delay IPv6 as long as possible, then
> making it dependent on unrestricted end-to-end IPv6 connectivity
> might be the most reliable approach to ensure the maximum pain
> and resistance.

All we need is to enable, but NOT MANDATE, complete end to end
transparency.

Of course, end to end connectivity can be blocked
by firewalls.

						Masataka Ohta