Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations

Melinda Shore <melinda.shore@gmail.com> Mon, 23 September 2013 05:47 UTC

Message-ID: <523FD5FD.8030601@gmail.com>
Date: Sun, 22 Sep 2013 21:47:41 -0800
From: Melinda Shore <melinda.shore@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: pntaw@ietf.org
References: <9F33F40F6F2CD847824537F3C4E37DDF17BCF3A5@MCHP04MSX.global-ad.net> <523CCD06.3030902@gmail.com> <BLU169-W136A55AC013DA147313576D93220@phx.gbl> <523CD42E.8070102@gmail.com> <BLU169-W82036280852F26ED26283C93230@phx.gbl> <523D4F17.2040202@gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF17BD01A8@MCHP04MSX.global-ad.net> <CALDtMrL5pT3MfbQufCphEKq0-pXj+JcfwW__wzG3T6wZ=TuWhg@mail.gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF17BD08EA@MCHP04MSX.global-ad.net> <CALDtMrLcUrxseyiaPc_0AWJw3HPdaBuAS+xpviT2q=y4zmdNgw@mail.gmail.com>
In-Reply-To: <CALDtMrLcUrxseyiaPc_0AWJw3HPdaBuAS+xpviT2q=y4zmdNgw@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations
X-BeenThere: pntaw@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for practices related to proxies, NATs, TURN, and WebRTC" <pntaw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pntaw>, <mailto:pntaw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pntaw>
List-Post: <mailto:pntaw@ietf.org>
List-Help: <mailto:pntaw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pntaw>, <mailto:pntaw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2013 05:47:46 -0000

On 9/22/13 9:36 PM, Oleg Moskalenko wrote:
> Each large enterprise IT has a complex history and complex web of
> policies. If a new standard provides new capabilities and useful
> possible scenarios, without imposing strict rules on IT departments,
> then I guess that would be a right thing.

I think this is actually a pretty serious problem, but Elvis,
as they say, has left the building.  The IETF RAI area has
standardized protocols for avoiding the enforcement of local
access policies.  The earlier work on STUN and TURN was to
allow operation across NAT, which is (arguably) not a policy
mechanism, but you all seem to want to extend it to allow
operation across firewalls *which by policy do not permit
the traffic in question*.  It's probably too late to do much
about it but I hope that you're having lots of conversations
with lots of enterprises whose firewalls you're planning on
forcing your way through, to make sure that they're on board
with this.

Melinda