Firewalls are a ubiquitous feature of my everyday life, as is NAT.
My home is behind a NAT-ing firewall; my laptop has its own firewall;
every time I travel I rely on that firewall in hot spots (such as
starbucks); I run VirtualPC on my Mac, which has a firewall and NAT
translation; my parent's system is similar to mine: NAT-ing firewall
and on-system firewall for double protection (as are my in-laws' and
brothers' systems); my previous company had a NAT-ing firewall for
each ISP connection, and their product (a linux cluster) had a
firewall to protect itself from the customer's own internal network.
Many small network appliances have firewalls (sometimes NAT-ing ones)
that protect themselves the same way. I could go on and on.
Which means that any network solution -- let alone something as
potentially central as SNMP -- that ignores either NAT or firewall --
is dead on arrival as far as I'm concerned, and as far as any IT
group I've ever seen is concerned. If there are non-firewalled
networks of consequence anymore I am unaware of them. Ignoring these
relegates any solution to theoretical situations or very small in-
home or in-group solutions. Then someone else will have to figure
out some way to manage anything larger scale, which will be able to
also handle small scale and so will overwhelm the non-firewalling,
non-NAT-ing designs. But only after such a relatively impotent
design confuses the world by adding yet one more standard to chose from.
Please get this right this time by including firewalls and NAT in the
solution space so it really *is* a solution.
Ken
P.S. Please also note that a non-firewalled SNMP creates some
pressure to bring down firewalls, to trade off SNMP for security.
Things that pressure networks to be less secure are pretty antisocial
in our current security environment of zombie spam farms, etc.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf