Re: IESG position on NAT traversal and IPv4/IPv6

"Tadayuki HATTORI" <taddyhatty@nifty.com> Thu, 18 November 2010 02:26 UTC

Message-ID: <5957D03791524ABF96EBE430C8CDC56F@GATEWAY>
From: Tadayuki HATTORI <taddyhatty@nifty.com>
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
References: <201011171741.oAHHfkAp014464@fs4113.wdf.sap.corp> <4CE466DC.3080807@necom830.hpcl.titech.ac.jp>
Subject: Re: IESG position on NAT traversal and IPv4/IPv6
Date: Thu, 18 Nov 2010 11:26:56 +0900
Organization: TaddyHatty
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="utf-8"; reply-type="original"
Content-Transfer-Encoding: 8bit
Cc: hallam@gmail.com, ietf@ietf.org
Reply-To: Tadayuki HATTORI <taddyhatty@nifty.com>

Hey, are you Japanese or not?
Have you already quit Japanese?

Anyone should consider both the protocol and
the constitution of their own nation simultaneously.

It's a matter of right or wrong, not legal or illegal.

---
TaddyHatty,

>
> Martin Rex wrote:
>
>>>> Correct.  It is called the HTTP CONNECT method.
>>>
>>> If, by your definition of "traversal", tunneling is a form
>>> of traversal, then tunneling by IPSEC is a standard firewall
>>> traversal protocol and is much better than HTTP CONNECT
>>> because of UDP.
>>
>> Not quite.  Tunneling needs matching configurations on both ends,
>
> Yes, of course.
>
>> and that rarely works, in particular on a global scale with
>> peers you do not know a-priori.
>
> What is the point of using firewalls, or the firewall functionality
> of NAT, to be tunneled by someone you do not know a priori?
>
> That's why I said:
>
> : FYI, a traversable firewall is, by definition, broken.
>
> Or, if you are saying you and your peer are members of some
> large organization, the organization can take care of
> IPSEC peering configuration.
>
> But, too often, it is a lot easier, a lot more convenient and
> a lot more flexible to use ID/password at the application layer,
> which is partly why IPSEC is not really deployed.
>
>> Home DSL routers usually do NAT.  For outgoing connections,
>> they're transparent.
>
> Unlike end to end NAT, legacy NAT is not very transparent.
>
>> For incoming connections, it is either
>> possible to configure static mappings (external->internal)
>
> If you want to run servers behind NAT, you need static IP
> addresses and static port numbers, of course.
>
>> or there might be some dynamic configurability through UPnP.
>> UDP included.
>
> It works only after a connection is established through
> a static IP address and a port number.
>
> Masataka Ohta
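The quoted exchange treats HTTP CONNECT as a firewall-traversal method and Ohta's point is that a firewall anyone can traverse is broken. The following is an added example, not code from any participant in this thread: a minimal CONNECT relay that only opens a tunnel when the destination port is on an explicit allow-list, so the proxy cannot be used as a generic TCP relay through the firewall. The allow-list, the local echo server, and the port numbers are constructed for the demo; a real deployment would take the policy from the firewall's own rules.

```python
"""Added example for this page: an HTTP CONNECT relay with a destination policy.

Not software from any participant in the thread. ALLOWED_PORTS is a constructed
policy; the demo in _demo() runs entirely on 127.0.0.1.
"""
import re
import socket
import threading

# Constructed policy: destination ports a CONNECT request may target.
ALLOWED_PORTS = {443}

# "CONNECT host:port HTTP/1.x"; host may be a bracketed IPv6 literal.
_REQ_LINE = re.compile(r"^CONNECT\s+(\[[^\]]+\]|[^\s:]+):(\d{1,5})\s+HTTP/1\.[01]$")


def evaluate_connect(request_line, allowed_ports=ALLOWED_PORTS):
    """Parse a CONNECT request line and decide whether to relay.

    Returns (status, host, port): 400 for a malformed line, 403 when the
    destination port is outside the allow-list, 200 when the tunnel may open.
    """
    m = _REQ_LINE.match(request_line.strip())
    if not m:
        return 400, None, None
    host, port = m.group(1).strip("[]"), int(m.group(2))
    if not 0 < port < 65536:
        return 400, None, None
    if port not in allowed_ports:
        return 403, host, port
    return 200, host, port


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then shut both sides down."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass


def handle_client(client, allowed_ports=ALLOWED_PORTS):
    """Serve one CONNECT request: refuse it, or open the tunnel and relay."""
    with client:
        head = b""
        while b"\r\n\r\n" not in head:
            chunk = client.recv(1024)
            if not chunk:
                return
            head += chunk
        status, host, port = evaluate_connect(head.split(b"\r\n", 1)[0].decode("latin-1"))
        if status != 200:
            reason = "Bad Request" if status == 400 else "Forbidden"
            client.sendall(f"HTTP/1.1 {status} {reason}\r\nConnection: close\r\n\r\n".encode())
            return
        try:
            upstream = socket.create_connection((host, port), timeout=5)
        except OSError:
            client.sendall(b"HTTP/1.1 502 Bad Gateway\r\nConnection: close\r\n\r\n")
            return
        client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
        with upstream:
            t = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            t.start()
            _pump(client, upstream)
            t.join()


def _demo():
    # Constructed setup: a local echo server stands in for the destination.
    echo = socket.socket()
    echo.bind(("127.0.0.1", 0))
    echo.listen(1)
    echo_port = echo.getsockname()[1]

    def echo_once():
        c, _ = echo.accept()
        with c:
            c.sendall(c.recv(1024))

    threading.Thread(target=echo_once, daemon=True).start()

    proxy = socket.socket()
    proxy.bind(("127.0.0.1", 0))
    proxy.listen(2)
    proxy_port = proxy.getsockname()[1]

    def proxy_loop():
        for _ in range(2):
            c, _ = proxy.accept()
            threading.Thread(target=handle_client, args=(c, {echo_port}), daemon=True).start()

    threading.Thread(target=proxy_loop, daemon=True).start()

    with socket.create_connection(("127.0.0.1", proxy_port)) as s:  # allowed port
        s.sendall(f"CONNECT 127.0.0.1:{echo_port} HTTP/1.1\r\nHost: x\r\n\r\n".encode())
        print(s.recv(1024).decode().split("\r\n")[0])
        s.sendall(b"hello through the tunnel")
        print(s.recv(1024))
    with socket.create_connection(("127.0.0.1", proxy_port)) as s:  # port not on the list
        s.sendall(b"CONNECT 127.0.0.1:22 HTTP/1.1\r\nHost: x\r\n\r\n")
        print(s.recv(1024).decode().split("\r\n")[0])


if __name__ == "__main__":
    _demo()
```

Running the module opens one tunnel to the local echo server and refuses a second CONNECT to port 22 with 403. The design point is that the policy decision is made in `evaluate_connect` before any upstream socket exists, so the proxy never connects on behalf of a client to a destination the firewall would not itself permit.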