
RE: IPv6 NAT?

2008-02-18 19:17:14
 

-----Original Message-----
From: Rémi Després [mailto:remi(_dot_)despres(_at_)free(_dot_)fr] 
Sent: Monday, February 18, 2008 11:28 AM
To: Dan Wing
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: IPv6 NAT?

Dan Wing wrote:

              ""If a client host takes a new randomly chosen "privacy IID"
              for each of its outgoing connections: (1) its address and
              its chosen port will keep their E2E significance; (2) no one
              will know where it is in its site; (3) any attempt to call
              such an address will fail; (4) the host will easily clean up
              its state when it knows a connection is finished, or when it
              resets, or when its power is turned off; (5) no stateful
              logic is needed in any intermediate box; (6) intermediate
              boxes are not concerned with protocols used (UDP, TCP,
              SCTP...).""

      Sounds like RFC4941.

Basically, it extends use of Privacy IIDs of RFC4941.


      I do not believe today's application developers are comfortable
      with determining if and when their application needs to perform
      the functions of RFC4941.
      
        

It would not be an application concern.
If users want this kind of strong privacy,

Typically, users don't know or care; more often it is the network
administrator that cares.

they activate this "extended privacy option" in their hosts.
Then the stack below applications applies the "one new address for
each outgoing connection" rule.
Addresses and ports keep their E2E significance for ALL applications.

Thanks for educating me on where this feature would be implemented.  I
have long assumed that v6 privacy is something the application would need to
be involved with.


Is this functionality already available in Vista and Leopard?

-d


On the opposite, if NATs MAY be present between the two ends,
applications are concerned.
Some of them may have to work differently depending on whether there
is a NAT or not, and depending on which ALG functions it performs.
That is precisely what can be avoided thanks to IPv6 (and IMHO SHOULD
be avoided).

RD
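
The "one new address for each outgoing connection" rule discussed in this thread, modelled as an added example that is not code from either poster or from any real stack. `Host`, `connect`, `close` and `accepts` are hypothetical names, the prefix is a documentation prefix, the IID comes from OS randomness rather than RFC 4941's MD5 history procedure, and the inbound accept rule is an assumption about how point (3) would be enforced in the host.

```python
import ipaddress
import secrets

PREFIX = ipaddress.IPv6Network("2001:db8:1:2::/64")  # constructed documentation prefix
# Reserved IIDs (RFC 5453): subnet-router anycast (all zeros) and this anycast range.
ANYCAST_LO, ANYCAST_HI = 0xFDFFFFFFFFFFFF80, 0xFDFFFFFFFFFFFFFF

def random_iid(rand=secrets.token_bytes):
    """Random 64-bit IID with bit 6 (universal/local) cleared, as RFC 4941 requires."""
    raw = bytearray(rand(8))
    raw[0] &= 0xFD
    return int.from_bytes(raw, "big")

class Host:
    """All per-connection state lives in the host; no intermediate box keeps any."""

    def __init__(self, prefix=PREFIX, rand=secrets.token_bytes):
        self.prefix = prefix
        self.rand = rand
        self.active = {}  # source address -> (peer, peer_port, local_port)

    def connect(self, dst, dst_port, src_port):
        """Pick a fresh source address for one outgoing connection."""
        while True:
            iid = random_iid(self.rand)
            if iid == 0 or ANYCAST_LO <= iid <= ANYCAST_HI:
                continue  # reserved IID, draw again
            addr = self.prefix[iid]
            if addr not in self.active:
                break  # not already in use on this host
        self.active[addr] = (ipaddress.IPv6Address(dst), dst_port, src_port)
        return addr

    def close(self, addr):
        """Connection finished: the address and its state are dropped together."""
        self.active.pop(addr, None)

    def accepts(self, local_addr, local_port, peer, peer_port):
        """Inbound traffic is accepted only as the return path of a live connection."""
        flow = (ipaddress.IPv6Address(peer), peer_port, local_port)
        return self.active.get(local_addr) == flow

if __name__ == "__main__":
    h = Host()
    src = h.connect("2001:db8:ffff::80", 443, 50000)
    print(src, h.accepts(src, 50000, "2001:db8:ffff::80", 443))
    h.close(src)
    print(src, h.accepts(src, 50000, "2001:db8:ffff::80", 443))
```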


