Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations

Melinda Shore <melinda.shore@gmail.com> Mon, 23 September 2013 07:14 UTC

Message-ID: <523FEA61.6050105@gmail.com>
Date: Sun, 22 Sep 2013 23:14:41 -0800
From: Melinda Shore <melinda.shore@gmail.com>
To: Oleg Moskalenko <mom040267@gmail.com>
References: <9F33F40F6F2CD847824537F3C4E37DDF17BCF3A5@MCHP04MSX.global-ad.net> <523CCD06.3030902@gmail.com> <BLU169-W136A55AC013DA147313576D93220@phx.gbl> <523CD42E.8070102@gmail.com> <BLU169-W82036280852F26ED26283C93230@phx.gbl> <523D4F17.2040202@gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF17BD01A8@MCHP04MSX.global-ad.net> <CALDtMrL5pT3MfbQufCphEKq0-pXj+JcfwW__wzG3T6wZ=TuWhg@mail.gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF17BD08EA@MCHP04MSX.global-ad.net> <CALDtMrLcUrxseyiaPc_0AWJw3HPdaBuAS+xpviT2q=y4zmdNgw@mail.gmail.com> <523FD5FD.8030601@gmail.com> <CALDtMrK=9D3qXXK6EeWF4RDk26GHPDgkYfQzdJpD33JNK_MeRw@mail.gmail.com> <523FE3E7.3060101@gmail.com> <CALDtMrLwkg_POMnt5cDGt6XvGcS9gAA4jgBRBYQeKnF7xuEDzw@mail.gmail.com>
In-Reply-To: <CALDtMrLwkg_POMnt5cDGt6XvGcS9gAA4jgBRBYQeKnF7xuEDzw@mail.gmail.com>
Cc: "pntaw@ietf.org" <pntaw@ietf.org>
Subject: Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations

On 9/22/13 11:01 PM, Oleg Moskalenko wrote:
>     My comfort level with telling people who run networks
>     that their network access management policies and technologies
>     are behind the times and because we know better than they
>     do about these things it's fine if we punch holes in their
>     firewalls without asking is not very high, to be honest.
> This is all not about comfort.

There is not much value in standardizing technologies which
are not going to be deployed, nor is there value in telling
the people who run networks that they're morons and the IETF
knows better than they do how they should be managing their
access policies.

>     At any rate I do think it's worth understanding (yes, I
>     used the "u" word) that you're using technologies that were
>     intended to address NAT problems for firewall traversal
>     and that there are some security issues that need closer
>     scrutiny, particularly the specifics of how you protect
>     against abuse by attackers.
> I do not think that anybody would be arguing with this rather obvious
> observation.

It's hard to tell.  One thing that can help a lot is to
actually write the security considerations section of your
documents, rather than filling it in with a "TBD."  Seems to
be a common problem with rtcweb documents, and not at all
reassuring.

Melinda