Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations
Melinda Shore <melinda.shore@gmail.com> Mon, 23 September 2013 06:47 UTC
On 9/22/13 10:41 PM, Oleg Moskalenko wrote:
> Melinda, you are assuming that the policies are a precise accurate
> instrument that can be used to set the exact network access rules.
>
> They are not. The reality is that the modern state of network policies
> is rather behind the real-world requirements.

My comfort level with telling people who run networks that their network access management policies and technologies are behind the times and because we know better than they do about these things it's fine if we punch holes in their firewalls without asking is not very high, to be honest.

At any rate I do think it's worth understanding (yes, I used the "u" word) that you're using technologies that were intended to address NAT problems for firewall traversal and that there are some security issues that need closer scrutiny, particularly the specifics of how you protect against abuse by attackers.

Melinda