IETF Logo Mail Archive

Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations

Oleg Moskalenko <mom040267@gmail.com> Mon, 23 September 2013 07:01 UTC

Return-Path: <mom040267@gmail.com>
X-Original-To: pntaw@ietfa.amsl.com
Delivered-To: pntaw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D27621F9E96 for <pntaw@ietfa.amsl.com>; Mon, 23 Sep 2013 00:01:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.397
X-Spam-Level:
X-Spam-Status: No, score=-2.397 tagged_above=-999 required=5 tests=[AWL=0.046, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rx-enxZ+i5mj for <pntaw@ietfa.amsl.com>; Mon, 23 Sep 2013 00:01:17 -0700 (PDT)
Received: from mail-pd0-x22d.google.com (mail-pd0-x22d.google.com [IPv6:2607:f8b0:400e:c02::22d]) by ietfa.amsl.com (Postfix) with ESMTP id D996A21F9E94 for <pntaw@ietf.org>; Mon, 23 Sep 2013 00:01:16 -0700 (PDT)
Received: by mail-pd0-f173.google.com with SMTP id p10so2852287pdj.32 for <pntaw@ietf.org>; Mon, 23 Sep 2013 00:01:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ZugmGHX/sVibrCqBcRVixHOcEYJADkZn37yf0glBLZg=; b=CUte4wODYtnlxh0z/heAekgKvgVhsZjw+UweEQrr8vcnBit0qsN/yLC1KwUp7YbF2D PPr2pyMnOMmBqtYhmvirfHKvBck+Va0aq0jx8sB2FpeXABgXi8bROpCazSqws+3FR70a LpY1c7EEdhss0vMiZTNHwb7IaXdB8FAOS98idUpCmXGJj4tF3E4/EtyGE+eg+YWppWWM Q58vvmXmLUNq4zmUIRAqCSSdGFwieUIKxKY6LFcijejBwwMWF1AcCcoDZc3jvhLcauQP dS3ws//jBudi1kLDPGl453AqKTJvTJFwlXq/zx53cWKFrrvOCehsmdspivoxy/fU5Jy1 sxow==
MIME-Version: 1.0
X-Received: by 10.66.170.168 with SMTP id an8mr23549357pac.58.1379919676070; Mon, 23 Sep 2013 00:01:16 -0700 (PDT)
Received: by 10.68.91.163 with HTTP; Mon, 23 Sep 2013 00:01:16 -0700 (PDT)
In-Reply-To: <523FE3E7.3060101@gmail.com>
References: <9F33F40F6F2CD847824537F3C4E37DDF17BCF3A5@MCHP04MSX.global-ad.net> <523CCD06.3030902@gmail.com> <BLU169-W136A55AC013DA147313576D93220@phx.gbl> <523CD42E.8070102@gmail.com> <BLU169-W82036280852F26ED26283C93230@phx.gbl> <523D4F17.2040202@gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF17BD01A8@MCHP04MSX.global-ad.net> <CALDtMrL5pT3MfbQufCphEKq0-pXj+JcfwW__wzG3T6wZ=TuWhg@mail.gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF17BD08EA@MCHP04MSX.global-ad.net> <CALDtMrLcUrxseyiaPc_0AWJw3HPdaBuAS+xpviT2q=y4zmdNgw@mail.gmail.com> <523FD5FD.8030601@gmail.com> <CALDtMrK=9D3qXXK6EeWF4RDk26GHPDgkYfQzdJpD33JNK_MeRw@mail.gmail.com> <523FE3E7.3060101@gmail.com>
Date: Mon, 23 Sep 2013 00:01:16 -0700
Message-ID: <CALDtMrLwkg_POMnt5cDGt6XvGcS9gAA4jgBRBYQeKnF7xuEDzw@mail.gmail.com>
From: Oleg Moskalenko <mom040267@gmail.com>
To: Melinda Shore <melinda.shore@gmail.com>
Content-Type: multipart/alternative; boundary="047d7bdc9a481c627804e7079631"
Cc: "pntaw@ietf.org" <pntaw@ietf.org>
Subject: Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations
X-BeenThere: pntaw@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for practices related to proxies, NATs, TURN, and WebRTC" <pntaw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pntaw>, <mailto:pntaw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pntaw>
List-Post: <mailto:pntaw@ietf.org>
List-Help: <mailto:pntaw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pntaw>, <mailto:pntaw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2013 07:01:17 -0000

On Sun, Sep 22, 2013 at 11:47 PM, Melinda Shore <melinda.shore@gmail.com>wrote:

> My comfort level with telling people who run networks
> that their network access management policies and technologies
> are behind the times and because we know better then they
> do about these things it's fine if we punch holes in their
> firewalls without asking is not very high, to be honest.
>

This is all not about comfort.


>
> At any rate I do think it's worth understanding (yes, I
> used the "u" word) that you're using technologies that were
> intended to address NAT problems for firewall traversal
> and that there are some security issues that need closer
> scrutiny, particularly the specifics of how you protect
> against abuse by attackers.
>

I do not think that anybody would be arguing with this rather obvious
observation.

v2.23.0 | Report a Bug | By Email