Re: arguments against NAT?

2003-12-02 07:30:28
On Tuesday, December 2, 2003, at 08:22 AM, Spencer Dawkins wrote:
> Yeah, but this was the point. Where is the community consensus
> document that says all this?

3235 goes into some of it, albeit from an application perspective.
2993 does as well, but at three years old it's already slightly
outdated.  One thing that hasn't been discussed and needs to be is
that NAT workarounds have become a growth industry and they introduce
a bunch of new security and other problems.

I'm not sure if you're arguing that there should be a comprehensive
document presenting the technical problems introduced by NATs.  I
suspect there should be, although frankly this is one particular
area where there's a clear and growing divide between this community
and the network administrator community (particularly enterprise
and residential).  We've known about these problems for a very
long time and the argument that these problems are a serious impediment
to network {stability,robustness,whathaveyou} has not been accepted
by the people who deploy real networks.

At this point I really don't think it's the case that we haven't
made the argument well, or at sufficient volume.  People who put NATs
in their networks are usually responding to immediate or perceived
needs, and I think it's frequently, if not mostly, the case that they
understand what they're doing and simply don't have the luxury of
being able to worry about the longer-term implications.  In that
context our arguments are sometimes perceived as condescending and
out-of-touch.  Because of that it becomes difficult for the "NATs
cause problems" position to become sufficiently widely accepted to
overcome the conventional wisdom that NATs provide security, etc.
I imagine we're going to be running into a similar situation with the
mad use of tunnels in the not-too-distant future.

Melinda