
Re: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt

2008-02-14 08:13:22
Disagree. There is no reason why a stateful firewall would have an
easier time tracking UDP state than any other non-TCP state when there
is no address translation.

I believe the point here is that a stateful firewall installs a binding 
based on an initial packet from INSIDE the firewall, and removes the packet 
after some inactivity timer expires, and not based on any notion of UDP 
state (!).

So the point is not whether a stateful firewall can track UDP state (!) more 
easily than other non-TCP state, it's that firewall vendors have decided to 
punt on UDP and just run a timer, but they have not decided to punt on all 
non-TCP transport protocols in the same way.

Ignoring the whole "trusted inside/untrusted outside" model for now, of 
course.

Spencer 
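The binding-plus-idle-timer behaviour described in this message, as an added example that is not part of the original thread: a toy stateful firewall in Python that installs a UDP binding when the first packet comes from the inside, lets matching return traffic through while the binding exists, refuses unsolicited inbound packets, and forgets the binding once nothing has matched it for a configurable idle period. Nothing here inspects UDP payload or any protocol-level state; the timer is the only thing that closes the hole, which is exactly the "punt on UDP and just run a timer" point. The 10.0.0.0/24 "inside" prefix, the 30-second timeout and the packet sequence in run_scenario() are constructed for the example.

```python
from dataclasses import dataclass

# Constructed address plan for the example: anything in 10.0.0.0/24 is "inside".
INSIDE_PREFIX = "10.0.0."


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    t: float  # seconds since some epoch; used as the firewall's clock


class StatefulUdpFirewall:
    """Timer-only UDP pinhole table, as described in the post.

    A binding (inside_ip, inside_port, outside_ip, outside_port) is created
    by the first packet seen from the inside. Any packet in either direction
    that matches the binding refreshes its last-seen time. Bindings that have
    not been refreshed for udp_idle_timeout seconds are removed. There is no
    notion of UDP "state" beyond this timer.
    """

    def __init__(self, udp_idle_timeout: float = 30.0):
        self.udp_idle_timeout = udp_idle_timeout
        self.bindings: dict[tuple[str, int, str, int], float] = {}

    @staticmethod
    def _is_inside(ip: str) -> bool:
        return ip.startswith(INSIDE_PREFIX)

    def _expire(self, now: float) -> None:
        # Remove every binding whose inactivity exceeds the idle timeout.
        stale = [k for k, last in self.bindings.items()
                 if now - last > self.udp_idle_timeout]
        for k in stale:
            del self.bindings[k]

    def process(self, pkt: Packet) -> str:
        """Return 'allow' or 'drop' for one packet and update the table."""
        if pkt.proto != "udp":
            # Other non-TCP transports are outside the scope of this toy.
            return "drop"
        self._expire(pkt.t)
        if self._is_inside(pkt.src):
            # Outbound: install (or refresh) the binding and let it through.
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            self.bindings[key] = pkt.t
            return "allow"
        # Inbound: allowed only if it exactly reverses a live binding.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.bindings:
            self.bindings[key] = pkt.t
            return "allow"
        return "drop"


def run_scenario() -> list[str]:
    """Constructed packet sequence; returns the verdict for each packet."""
    fw = StatefulUdpFirewall(udp_idle_timeout=30.0)
    inside, resolver, stranger = "10.0.0.7", "192.0.2.53", "198.51.100.9"
    packets = [
        Packet(inside, 40000, resolver, 53, "udp", 0.0),      # outbound query
        Packet(resolver, 53, inside, 40000, "udp", 0.05),     # matching reply
        Packet(stranger, 53, inside, 40000, "udp", 1.0),      # unsolicited inbound
        Packet(resolver, 53, inside, 40000, "udp", 40.05),    # reply after 40 s idle
        Packet(inside, 40000, resolver, 53, "udp", 41.0),     # new outbound reopens
        Packet(resolver, 53, inside, 40000, "udp", 41.1),     # reply now matches
    ]
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

The fourth packet is dropped not because the firewall understood anything about the exchange, but because 40 seconds exceeded the 30-second inactivity timer; shortening the gap or having the inside host send anything on that 4-tuple keeps the hole open indefinitely, which is why such timers are a blunt instrument for both defenders and anyone reasoning about NAT/firewall traversal.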


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf
