Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]

ietf

[Top] [All Lists]

<prev [Date] next>

<prev [Thread] next>

Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]

2008-02-14 08:05:42

from [Melinda Shore]

[Permanent Link]

On 2/14/08 9:58 AM, "Iljitsch van Beijnum" <iljitsch(_at_)muada(_dot_)com> 
wrote:

Disagree. There is no reason why a stateful firewall would have an
easier time tracking UDP state than any other non-TCP state when there
is no address translation.


There's just a lot more experience with UDP than there
is with some other non-TCP protocols.  Engineers have been
more motivated to deal with it than they have with, say, SCTP.

But anyway, firewalls solve a different problem from NAT.
NAT has incidentally been used as a policy device but
a firewall really is a policy device.  So, while it
might be reasonable to say "I need to figure out how
to get across a NAT," it would also be reasonable to
say "I need to figure out how to get across a firewall
without violating access policy."  You definitely do
not want to design a mechanism that enables policy
violation.

Melinda

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], (continued) Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Jonathan Rosenberg Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Joel M. Halpern Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Jonathan Rosenberg Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Joel M. Halpern Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Harald Tveit Alvestrand Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Joel M. Halpern Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Hannes Tschofenig Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Jonathan Rosenberg RE: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Christian Huitema Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Iljitsch van Beijnum Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Melinda Shore <= Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Hannes Tschofenig Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Spencer Dawkins Do you want the protocol DEPLOYED or not? Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Dan York RE: Do you want the protocol DEPLOYED or not? Re: I-DAction:draft-rosenberg-internet-waist-hourglass-00.txt], Hallam-Baker, Phillip RE: Do you want the protocol DEPLOYED or not? Re: I-DAction:draft-rosenberg-internet-waist-hourglass-00.txt], Harald Tveit Alvestrand RE: Do you want the protocol DEPLOYED or not? Re: I-DAction:draft-rosenberg-internet-waist-hourglass-00.txt], Hallam-Baker, Phillip Re: Do you want the protocol DEPLOYED or not? Re: I-DAction:draft-rosenberg-internet-waist-hourglass-00.txt], Lars Eggert RE: Do you want the protocol DEPLOYED or not? Re: I-DAction:draft-rosenberg-internet-waist-hourglass-00.txt], Hallam-Baker, Phillip Re: [dkim unverified] Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Michael Thomas Re: [dkim unverified] Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Jonathan Rosenberg

Previous by Date:	Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Hannes Tschofenig
Next by Date:	Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Rémi Denis-Courmont
Previous by Thread:	Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Iljitsch van Beijnum
Next by Thread:	Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt], Hannes Tschofenig
Indexes:	[Date] [Thread] [Top] [All Lists]